Jose Nazario. Source code scanners for better code. Linux Journal, January 2002. http://www.linuxjournal.com/article.php?sid=5673.
....hardware and operating systems by using non-executable memory pages. Flawfinder [28], RATS [26] and ITS4 [8] are all tools that examine source code and report possible weaknesses. An overview of these tools, along with a comparison of their capabilities, can be found in a Linux Journal article [19]. In general, these tools direct the attention of code auditors to C/C++ functions that are known to be associated with security problems (i.e. buffer overflows, format string problems, temporary file race conditions) and produce a list of vulnerable code statements. The Splint utility [16] ....
J. Nazario. Source code scanners for better code. Linux Journal, January 2002. http://www.linuxjournal.com/article.php?sid=5673.
....with low enough false positives. Our conclusion is that none of them can really give the programmer peace of mind. And combining their output would be tedious. 5 Related Work We have found one comparative study made of static intrusion prevention tools, Source Code Scanners for Better Code [19] by Jose Nazario. He compares the results from ITS4, Flawfinder and RATS when testing a part of the source code for OpenLDAP known to be vulnerable. It only contains one call to one of our 23 vulnerable functions, vsprintf(). No test for false positives is done either. A study with another focus ....
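The tools named in the excerpts above work lexically: they match calls to a fixed list of risky C library functions and list each match with a rank. The following is an added example, not code from ITS4, Flawfinder, RATS or any of the citing papers, of that approach in Python. It scans a constructed C snippet (not taken from OpenLDAP), flags unbounded copies, non-literal format strings and mktemp-style temporary files, and suppresses the format-string rule when the format argument is a string literal, which is the kind of false-positive check the second excerpt notes the comparison never exercised. The rule table, the ranks and the sample C code are assumptions made for this example.

```python
"""Minimal lexical 'dangerous call' scanner in the style of ITS4/Flawfinder/RATS.
Added example; not code from any of those tools or from the cited papers."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line func weakness rank snippet")

# Constructed C sample for the example (not from OpenLDAP or any cited paper).
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

void greet(const char *name) {
    char buf[64];
    strcpy(buf, name);                    /* unbounded copy */
    sprintf(buf, "hello %s", name);       /* literal format, but no length bound */
    printf(name);                         /* non-literal format string */
    printf("%s\\n", buf);                 /* literal format: benign */
    char *tmp = mktemp("/tmp/fooXXXXXX"); /* temporary-file race */
    strncpy(buf, name, sizeof buf);       /* bounded: not in the rule table */
}
"""

# Assumed rule table: function -> (weakness class, rank, index of the format
# argument, or None when the call is risky regardless of its arguments).
RULES = {
    "strcpy":   ("buffer overflow", "high", None),
    "strcat":   ("buffer overflow", "high", None),
    "gets":     ("buffer overflow", "high", None),
    "sprintf":  ("buffer overflow", "high", None),
    "vsprintf": ("buffer overflow", "high", None),
    "printf":   ("format string", "high", 0),
    "fprintf":  ("format string", "high", 1),
    "syslog":   ("format string", "medium", 1),
    "mktemp":   ("temporary file race", "medium", None),
    "tmpnam":   ("temporary file race", "medium", None),
}
RANK_ORDER = {"high": 0, "medium": 1, "low": 2}

# Identifier followed by '(' : a call (or a definition, which lexical tools
# cannot tell apart; that is one source of their noise).
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def strip_comments(src):
    """Blank out C comments while keeping every newline so line numbers hold.
    Limitation (as in simple lexical tools): '//' inside a string literal is
    also treated as a comment start."""
    src = re.sub(r"/\*.*?\*/", lambda m: re.sub(r"[^\n]", " ", m.group(0)),
                 src, flags=re.DOTALL)
    return re.sub(r"//[^\n]*", "", src)


def call_args(src, open_paren):
    """Split the argument list of the call whose '(' is at src[open_paren]
    on top-level commas, honouring nested parentheses and string literals."""
    args, cur, depth, i = [], [], 0, open_paren
    while i < len(src):
        ch = src[i]
        if ch == '"':                       # copy a string literal verbatim
            j = i + 1
            while j < len(src) and src[j] != '"':
                j += 2 if src[j] == "\\" else 1
            cur.append(src[i:j + 1])
            i = j + 1
            continue
        if ch == "(":
            depth += 1
            if depth > 1:
                cur.append(ch)
        elif ch == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args
            cur.append(ch)
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    return args                             # unterminated call: best effort


def scan_c_source(src):
    """Return Findings for every call to a function in RULES, highest rank
    first, skipping format-string rules whose format argument is a literal."""
    text = strip_comments(src)
    lines = src.splitlines()
    findings = []
    for m in CALL_RE.finditer(text):
        func = m.group(1)
        if func not in RULES:
            continue
        weakness, rank, fmt_idx = RULES[func]
        args = call_args(text, m.end() - 1)
        # A literal format string cannot be attacker-controlled, so the
        # format-string rule does not fire on it (basic false-positive control).
        if fmt_idx is not None and fmt_idx < len(args) and args[fmt_idx].startswith('"'):
            continue
        line = text.count("\n", 0, m.start()) + 1
        findings.append(Finding(line, func, weakness, rank, lines[line - 1].strip()))
    findings.sort(key=lambda f: (RANK_ORDER[f.rank], f.line))
    return findings


if __name__ == "__main__":
    for f in scan_c_source(SAMPLE_C):
        print(f"line {f.line}: [{f.rank}] {f.func}: {f.weakness} -- {f.snippet}")
```

On the sample the scanner reports strcpy, sprintf, printf(name) and mktemp, and stays silent on printf with a literal format and on strncpy; whether strncpy is "safe" is exactly the kind of judgement such a table cannot make, which is why the excerpts above describe these tools as directing an auditor's attention rather than deciding for them.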