Secure Coding mailing list archives
Re: LinuxWorld | Secure coding attracts interest, investment
From: Mars IMAP <jared_robinson () email com>
Date: Thu, 03 Jun 2004 17:42:11 +0100
BugScan probably competes with the @Stake tool, and works on object code: http://www.hbgary.com/index.asp?G1=2&G2=1 Coverity's tool is absolutely *outstanding* on C code. They plan to have C++ support soon. http://coverity.com/main.html The Fortify tools (http://fortifysoftware.com) look good, from what I've seen in a demo. And there's a new release of Flawfinder that just came out. It has documentation on how to integrate with vim and emacs, and has features to suppress more false positives. http://www.dwheeler.com/flawfinder/ - Jared Kenneth R. van Wyk wrote: Greetings all, FYI, it looks like we're at the beginning of a new wave of software security tools. There's a few commercial products beginning to hit the market that take static src code scanning to a new level. See the link below for a LinuxWorld article that briefly (!) describes @stake's new SmartRisk Analyzer tool in addition to Fortify's Source Code Analysis suite. These appear to pick up where current static analysis tools (e.g., ITS4, Flawfinder) leave off. Anyone here willing/able to share some _user_ level experiences with any of these tools? It'll be interesting to hear how they hold up in real software development environments. http://www.linuxworld.com.au/nindex.php/id;1780700095;fp;2;fpid;1 Cheers, Ken van Wyk
Current thread:
- LinuxWorld | Secure coding attracts interest, investment Kenneth R. van Wyk (May 26)
- Re: LinuxWorld | Secure coding attracts interest, investment Mars IMAP (Jun 03)