Re: calling all software security tool vendors/freeware/open source project leads

From: Ashish Popli (apopli_at_gmail.com)
Date: 04/02/05

  • Next message: Ashish Popli: "Re: Categories for application security testing & tools"
    To: secprog@securityfocus.com
    Date:  Fri, 01 Apr 2005 23:30:46 -0500
    
    

    David A. Wheeler wrote:
    > My flawfinder home page at http://www.dwheeler.com/flawfinder
    > links to a number of tools & papers for static source code
    > analysis to find security flaws.
    >
    > Until Arian Evans' master list is available at OWASP,
    > if you're looking for information that might be a
    > good place to start. (Arian Evans is already aware of this.)
    >
    > Arian: I suggest that you list not just the tools
    > themselves, but also (some) papers about the tools.
    > Many of the people looking at the tools will want to
    > read reviews of the general technology & of specific tools.
    > You won't be able to list all papers, but a starting
    > point for people would be very helpful.
    >
    > --- David A. Wheeler
    >
    >
    >
    A good introductory article on static analysis of source code for
    analyzing security issues can be found at
    www.cigital.com/papers/download/bsi5-static.pdf

