Maybe, ITS4 will be of some help. It statically scans C/C++ for certain functions and even does some code analysis to determine risk level. http://www.cigital.com/its4/ http://www.cigital.com/papers/download/its4.pdf Konstantin -----Original Message----- From: Jeff Williams [mailto:jsquaredat_private] Sent: Saturday, January 25, 2003 2:14 PM To: secprogat_private Subject: malicious code Does anyone on the list know of any research in detecting "malicious code" as opposed to simply inadvertent security screwups? Seems to me that the best attacks would be very difficult to distinguish from a ordinary mistake. j2
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 09:14:28 PST