Secure Coding mailing list archives
Re: auditing
From: ljknews <ljknews () mac com>
Date: Mon, 03 May 2004 17:39:10 +0100
At 5:53 PM -0500 4/30/04, jnf wrote: hi, simple question that is not very technicla in itself- when auditing
software, I often find it had to stay focused and follow the code so to speak, especially when jumping across X source files and Y functions inside of each source file, I was just curious how others cope with such things? I've just been using vi/text editors to go through it all and I don't really expect there is a solve all answer, but any hints help. thoughts?
An external tool like SCA will let you know all the calling sites that invoke a particular function or procedure. That seems critical when evaluating relationships, especially in a more weakly typed language like C*.
Current thread:
- auditing jnf (May 03)
- Re: auditing James Walden (May 03)
- Re: auditing jnf (May 03)
- Re: auditing ljknews (May 03)
- Re: auditing Jose Nazario (May 03)
- Re: auditing jnf (May 05)
- Re: auditing Paco Hope (May 03)
- Re: auditing jnf (May 03)
- Re: auditing Crispin Cowan (May 03)
- Re: auditing James Walden (May 03)