Welcome to the Virus.Org Mailing List Archive




The Hope of Code Checkers

  • To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Subject: The Hope of Code Checkers
  • From: David Fetrow <[EMAIL PROTECTED]>
  • Date: Thu, 15 Apr 2004 14:10:56 -0700 (PDT)
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
  • Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
 
On Thu, 15 Apr 2004, Adam Shostack wrote:

> Tools that examine code for things that can lead to
> problems (e.g., RATS, ITS4, splint), and tools that break entire
> classes of problem (StackGuard, Sana, Okena and the like).
>
> (The code examining tools are the free, static code checkers.  There
> are also dynamic testing tools from companies like spidynamics,
> sanctum, and WhiteHat.)
>
> I think that as these code checking tools improve, we may see an
> improvement in code quality that comes along with that.  Have you
> asked your software vendor what they do to assure code quality lately?


 I wouldn't get too optimistic. Running lint, splint (or even gcc with
 -Wall) on C code you're using now in production can be a depressing,
 albeit eye-opening, exercise.

 Adjust tool and language names for your environment.

 But hey, lint has only been around for *** 30 years *** or so, maybe
 the NEXT generation of coders will do the right thing.


