Security Basics mailing list archives

RE: Secure Coding - Static Code Analysis Tools


From: "Marco M. Morana" <marco.m.morana () gmail com>
Date: Sat, 22 Sep 2007 10:04:38 -0400

A good reference is the NIST SAMATE list under the source code analyzers
classification; several tools are listed there with their availability (e.g.
open source and commercial):
http://samate.nist.gov/index.php/Source_Code_Security_Analyzers

Marco


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Brad Andrews
Sent: Friday, September 21, 2007 2:58 PM
To: security-basics () securityfocus com
Subject: Secure Coding - Static Code Analysis Tools


Does anyone know if any companies other than Fortify Software and  
Ounce Labs provide software/systems that will scan source code for  
code security vulnerabilities, such as those noted in the OWASP Top 10?

I did find a reference to Klocwork, but they seem to be aimed at
more traditional code scanning rather than looking for possible
security holes.

Any other references to check out would be appreciated.

Brad

