Thanks for the links, Javier. In case you're interested, I've been working
on a lecture recently on the subject of C Source Code Auditing. It
should be done sometime this month. I'll be covering some of the tools
I use like cscope and ctags along with how to spot some of the
vulnerable code and some of the finer points of what makes code
vulnerable in the first place. All this will be going on on the IRC
server at pulltheplug.org where I'll be giving some live demos via
screen and ttyrec of an auditing session. However, if you can't make it,
I'm publishing a paper covering all of the topics discussed in the
lecture, which I'll gladly post a link to here when it's finished.

Thanks,
David D. Rude
bannedit@xxxxxxxxxxxxxxx

Quoting Javier Fernández-Sanguino Peña <jfs@xxxxxxxxxx>:

I'm not sure if you guys were aware of the "Build Security In" portal
dedicated to code security and quality, that has just been launched. It is
available at https://buildsecurityin.us-cert.gov/
The "Source Code Analysis Tools" section at
https://buildsecurityin.us-cert.gov/portal/article/tools/code_analysis/overview.xml
is worth reviewing. The code samples are missing, though.
People contributing to the portal include Gary McGraw and Ken van Wyk.
Definitely worth a look.
Regards
Javier