Secure Coding mailing list archives

Static Vs. Binary


From: ken at krvw.com (Kenneth Van Wyk)
Date: Thu, 30 Jul 2009 23:25:58 -0400

On Jul 30, 2009, at 10:57 PM, Pravir Chandra wrote:
> First, I generally agree that there are many factors that make the
> true and factual fidelity of static analysis really REALLY difficult.

All good points, to be sure.

I'm a pragmatist, perhaps at times to a fault.  Let's not overlook in  
this debate the perspective of the practitioner.  Often, analysis of  
"binaries" (and I'm including here bytecode of various types), is done  
because the practitioner lacks access to the src (e.g., third party  
libraries and such).  I expect that anyone analyzing a system would at  
least _want_ to analyze the src code if it is available.  That is,  
among the various things one would want to look at, including dynamic  
analysis of binaries.

I'm sure this is all glaringly obvious, but what the heck.

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

(This email is digitally signed with a free x.509 certificate from  
CAcert. If you're unable to verify the signature, try getting their  
root CA certificate at http://www.cacert.org -- for free.)

