WebApp Sec mailing list archives

Re: Tool for source code review


From: Adam Shostack <adam () homeport org>
Date: Tue, 20 Dec 2005 11:42:15 -0500

Are you looking for review tools, or analysis tools?  I differentiate
by saying that review tools are focused on collaboration and
communication about what's been looked at.  There are some emacs
modes, but I'd be interested to learn about more.

Adam

On Mon, Dec 19, 2005 at 11:15:14AM -0800, Ambarish Malpani wrote:
| 
| The most commonly used commercial tool names are:
| 
| Fortify - www.fortifysoftware.com
| Ounce Labs - www.ouncelabs.com
| Secure Software - www.securesoftware.com
| 
| 
| There is some free/open source software available too - depends on how
| deep a coverage you want. There is also the option of a bunch of
| consulting companies.....
| 
| Regards,
| Ambarish
| 
|  
| 
| > -----Original Message-----
| > From: Pratiksha Doshi [mailto:pratiksha () nii co in] 
| > Sent: Monday, December 19, 2005 5:40 PM
| > To: webappsec () securityfocus com
| > Subject: Tool for source code review
| > 
| > Hi All,
| > 
| > Can anybody suggest tools for source code review with
| > security kept in mind.
| > 
| > Thanks...
| > Pratiksha
| > 
| > 

