Date: Tue, 22 Feb 2000 14:56:34 -0500 (EST)
From: "Chris D. Faulhaber" <jedgar@fxp.org>
To: Peter Jeremy <peter.jeremy@alcatel.com.au>
Cc: freebsd-audit@FreeBSD.ORG
Subject: Re: Software security scanner
Message-ID: <Pine.BSF.4.10.10002221451110.10976-100000@pawn.primelocation.net>
In-Reply-To: <00Feb23.065008est.115215@border.alcanet.com.au>
On Wed, 23 Feb 2000, Peter Jeremy wrote:
>
> It sounds like a useful tool to find the bits of code that need to
> be studied in depth. Has anyone looked at it?
>

As a matter of fact, I have. See http://www.FreeBSD.org/~jedgar/its4.shar
for my preliminary port. It seems to be decent at showing possible
vulnerabilities, but doesn't always differentiate between real problems
and potential ones (e.g. proper and improper uses of sprintf). Even so,
it does make it easier to scan code than manually grepping, especially
for those who are not familiar with good programming techniques.

My only problem with the port is some ambiguity with their licensing WRT
commercial use...and not seeming to know the proper snprintf syntax in
their configure script :)

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
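The sprintf false-positive described above, as an added example written for this archive page (it is not code from the its4 port or from the thread): a bounded sprintf call that a lexical scanner still reports, the unbounded "%s" pattern in its snprintf form with the C99 return-value truncation check, and a strstr scan over constructed source lines showing why a token-level scanner cannot tell the two apart. The function names and the sample source are assumptions made for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Worst-case text for "%d": INT_MIN is "-2147483648", 11 chars + NUL. */
#define INT_STR_MAX 12

/* Proper use of sprintf: the output is provably bounded by the format,
 * and the caller's buffer is checked against that bound first.  A
 * lexical scanner such as its4 still reports this call. */
int format_int_bounded(char *out, size_t outlen, int value)
{
    if (outlen < INT_STR_MAX)
        return -1;
    return sprintf(out, "%d", value);   /* returns the length written */
}

/* The improper pattern is sprintf(out, "Hello, %s!", name): "%s" has no
 * bound, so the only acceptable form is snprintf with the real buffer
 * size.  C99 snprintf returns the length the full output would have
 * had, so a result >= outlen means the text was truncated. */
int format_greeting(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, "Hello, %s!", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                      /* truncated: treat as an error */
    return n;
}

/* Constructed source lines (one bounded and one unbounded sprintf call
 * plus an snprintf call) to run the scan over. */
static const char sample_src[] =
    "    sprintf(buf, \"%d\", port);              /* bounded */\n"
    "    sprintf(buf, \"%s\", user_input);        /* unbounded */\n"
    "    snprintf(buf, sizeof buf, \"%s\", user_input);\n";

/* Token-level scan in the spirit of its4: count every "sprintf(" (which
 * also matches vsprintf, but not snprintf).  It cannot see buffer
 * sizes, so the bounded and unbounded calls above both count as hits. */
int count_sprintf_calls(const char *src)
{
    int hits = 0;
    const char *p = src;
    while ((p = strstr(p, "sprintf(")) != NULL) {
        hits++;
        p += strlen("sprintf(");
    }
    return hits;
}
```

A reviewer triaging its4 output therefore has to confirm the bound by hand for every hit, which is the manual step the scanner saves only in part.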