Subject: Re: code auditing tools
From: Crispin Cowan (crispin WIREX.COM)
Date: Tue Nov 21 2000 - 13:13:21 CST
- Next message: Jonathan Wilkins: "Re: code auditing tools"
- Previous message: Oliver Friedrichs: "Re: [CORE SDI ADVISORY] RealServer memory contents disclosure"
- In reply to: Oliver Friedrichs: "code auditing tools"
- Next in thread: Jonathan Wilkins: "Re: code auditing tools"
- Reply: Crispin Cowan: "Re: code auditing tools"
Oliver Friedrichs wrote:
> What do people think of automated source code review? Does anyone know of
> any other programs to assist in auditing source code? The only one I know
> of is ITS4:
>
> ITS4
> http://www.rstcorp.com/its4
Auditing tools that have not yet been mentioned:
* David Wagner's static analysis tool for scanning for buffer overflow
vulnerabilities. There is no one home page for it; it is the paper
entitled "A First Step Towards Automated Detection of Buffer Overrun
Vulnerabilities" on this page http://www.cs.berkeley.edu/~daw/papers/
* Matt Bishop's file system race condition analyzer. Again no home page,
but it is the first 1996 paper on this page
http://olympus.cs.ucdavis.edu/~bishop/scriv/index.html
* LCLint http://lclint.cs.virginia.edu/
And no gratuitous plugs for Immunix tools, 'cause we don't do static analysis
:-)
Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org