Dailydave mailing list archives
Source Code Analysis
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 07 Sep 2006 11:15:21 -0400
Source code analysis tools and products have traditionally struggled with static analysis. Their market share doesn't make it look like they're struggling, but in my opinion, the technology is not there yet. However, they do occasionally come up with interesting results. Oddly, the things they are worst at (buffer overflows) are the old-school things that are mostly gone anyways.

I'm wondering what the results were for the Firefox scan announced today. The product they used was this:
http://www.klocwork.com/forms/code_defect_scan.asp
http://www.g2zero.com/2006/09/examining_defects_in_the_firef.html

CoolQ gave a talk on his efforts regarding source code analysis via gcc AST translation and state-table analysis at XCon 2006. I thought it was well put together for people who are not completely wrapped in static analysis to understand the basic concepts. I don't think his paper is available publicly yet, but he found some bugs in the Linux kernel with his tool relating to lock/unlock issues. His tool is also not public, but the concepts don't seem that hard to implement for the GCC team or someone familiar with the code-base.

A lot of the static analysis products are trying to be sold as a service, which I find funny. It's very weird when people want to run your code through their tool and won't let you use the tool yourself.

It's interesting also that there isn't a tool that is a guided hand for the user, rather than a scanner. The VC money loves scanners of all sorts. Scale out and scale up the profits! But scanners end up being useless in a lot shorter timeframe than tools that enhance a professional auditor. Taint/untaint is something that someone wrote an emacs plugin for years ago, but it'll never see funding. That's good for bug hunters.
:>

-dave