Secure Coding mailing list archives
Re: Comparing Scanning Tools (false positives)
From: dwheeler at ida.org (David A. Wheeler)
Date: Tue, 13 Jun 2006 17:36:28 -0400
Crispin Cowan wrote:

I would like to introduce you to my new kick-ass scanning tool. You run it over your source code, and it only produces a single false-positive for you to check out. That false positive just happens to be the complete source code listing for your entire program :)

If you can guarantee it is a false positive, this is a very useful tool indeed :-)

Indeed. Unfortunately, there seems to be a distinct shortage of software that will trigger the false positive :-) :-).

--- David A. Wheeler