RE: malicious code

From: Konstantin Rozinov (konstantinat_private)
Date: Tue Feb 04 2003 - 20:28:31 PST

Next message: David Wheeler: "Re: secprog Digest 8 Feb 2003 03:21:18 -0000 Issue 140"

Previous message: securityat_private: "Re: ROI for secure software engineering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Maybe, ITS4 will be of some help.  It statically scans C/C++ for certain
functions and even does some code analysis to determine risk level.

http://www.cigital.com/its4/
http://www.cigital.com/papers/download/its4.pdf

Konstantin

-----Original Message-----
From: Jeff Williams [mailto:jsquaredat_private] 
Sent: Saturday, January 25, 2003 2:14 PM
To: secprogat_private
Subject: malicious code


Does anyone on the list know of any research in detecting "malicious
code"
as opposed to simply inadvertent security screwups?  Seems to me that
the
best attacks would be very difficult to distinguish from a ordinary
mistake.

j2

Next message: David Wheeler: "Re: secprog Digest 8 Feb 2003 03:21:18 -0000 Issue 140"
Previous message: securityat_private: "Re: ROI for secure software engineering"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 09:14:28 PST