Re: Dynamically Debugging for Security Bugs -- a useful tool ?

From: Ben Laurie (benat_private)
Date: Wed Mar 12 2003 - 13:29:48 PST

Next message: Casper Dik: "Re: Are bad developer libraries the problem with M$ software?"

Previous message: mlhat_private: "Re: Dynamically Debugging for Security Bugs -- a useful tool ?"
In reply to: P. S.: "Dynamically Debugging for Security Bugs -- a useful tool ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

P. S. wrote:
>     What I would like to know is, would such a tool be useful in the
> search for security bugs ? What other features would you see as
> essential or nice to have ? Also what IDE would you see this
> benefitting, KDevelop (C++), Eclipse (Java), NetBeans (Java), etc etc
> ? Obviously, Eclipse and NetBeans may be limited as they are for
> Java programming and security bugs are more rampant in C++, C etc.
> Any comments or criticisms you may have are very welcome.

I think it would be pretty darn cool. However, I'll be pretty amazed if 
you can actually do it for C. In particular, "which lines affect this 
variable" is highly nontrivial.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Next message: Casper Dik: "Re: Are bad developer libraries the problem with M$ software?"
Previous message: mlhat_private: "Re: Dynamically Debugging for Security Bugs -- a useful tool ?"
In reply to: P. S.: "Dynamically Debugging for Security Bugs -- a useful tool ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 12 2003 - 16:11:50 PST