Re: Dynamically Debugging for Security Bugs -- a useful tool ?
From: Ben Laurie (ben@algroup.co.uk)
Date: 03/12/03
- Previous message: mlh@zip.com.au: "Re: Dynamically Debugging for Security Bugs -- a useful tool ?"
- In reply to: P. S.: "Dynamically Debugging for Security Bugs -- a useful tool ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Mar 2003 21:29:48 +0000 From: Ben Laurie <ben@algroup.co.uk> To: "P. S." <p.s@campus.ie>
P. S. wrote:
> What I would like to know is, would such a tool be useful in the
> search for security bugs ? What other features would you see as
> essential or nice to have ? Also what IDE would you see this
> benefitting, KDevelop (C++), Eclipse (Java), NetBeans (Java), etc etc
> ? Obviously, Eclipse and NetBeans may be limited as they are for
> Java programming and security bugs are more rampant in C++, C etc.
> Any comments or criticisms you may have are very welcome.
I think it would be pretty darn cool. However, I'll be pretty amazed if
you can actually do it for C. In particular, "which lines affect this
variable" is highly nontrivial.
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
- Previous message: mlh@zip.com.au: "Re: Dynamically Debugging for Security Bugs -- a useful tool ?"
- In reply to: P. S.: "Dynamically Debugging for Security Bugs -- a useful tool ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
