Static Code Analysis Tools
Sunday May 28, 2006
News.com recently ran an article on companies making commercial static code analysis tools for finding security flaws.
Companies and products to watch:
- Microsoft (PREfast, with a presentation, and the Static Driver Verifier)
- Fortify
- @Stake (acquired by Symantec)
- Reflective
- Coverity (from Stanford)
- Ounce Labs
Most of them use context-sensitive, interprocedural, cross-module, and mixed-language analysis. A major difference between the analysis used for static error detection and the analysis used for compiler optimization is that the former can be incomplete and unsound: a bug finder is allowed to miss some defects and to report some false alarms, whereas a compiler's analysis must never justify a transformation that changes the program's behaviour.
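To make the trade-off concrete, here is an added example (not code from the article or from any of the listed products) of a toy taint checker over Python ASTs. The constructed sample program uses `source()` as untrusted input and `sink()` as the dangerous operation; the three analysis modes are my own labels. The intraprocedural modes either miss the flaw that flows through a helper function (incomplete) or flag a call site that is actually safe (a false alarm), while the context-sensitive interprocedural mode, which re-analyses each callee under the taint of each call site's arguments, reports exactly the two real flaws.

```python
"""Toy taint analysis over Python ASTs: intraprocedural vs context-sensitive
interprocedural results on a constructed sample program (not from the page)."""
import ast

SOURCE, SINK = "source", "sink"   # constructed names: untrusted input / dangerous call

# Constructed sample.  Real flaws: sink(b) in main (line 11) and sink(y) reached
# from store(source()) (line 6).  sink(c) on line 13 is safe: helper got a constant.
SAMPLE = '''
def helper(x):
    return x + "!"

def store(y):
    sink(y)

def main():
    a = source()
    b = helper(a)
    sink(b)
    c = helper("safe")
    sink(c)
    store("const")
    store(source())
'''
TRUE_FLAWS = {("main", 11), ("store", 6)}   # ground truth for SAMPLE


def _is_call_to(node, name):
    return isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == name


class TaintAnalyzer:
    """mode: 'intra_optimistic'  - calls to user functions are opaque, assumed clean
             'intra_pessimistic' - calls to user functions are opaque, assumed tainted
             'inter'             - follow calls, analysing the callee per call site"""

    def __init__(self, src, mode):
        self.mode = mode
        tree = ast.parse(src)
        self.funcs = {f.name: f for f in tree.body if isinstance(f, ast.FunctionDef)}
        self.findings = set()   # (function name, line of the tainted sink call)

    def run(self):
        # Every function is also analysed stand-alone with clean parameters,
        # so flaws that originate inside a function are found without a caller.
        for f in self.funcs.values():
            self._analyze(f, [False] * len(f.args.args), 0)
        return self.findings

    def _taint(self, expr, env, depth):
        """Return True if `expr` may carry a value derived from SOURCE."""
        if isinstance(expr, ast.Name):
            return env.get(expr.id, False)
        if isinstance(expr, ast.Constant):
            return False
        if isinstance(expr, ast.BinOp):
            return self._taint(expr.left, env, depth) or self._taint(expr.right, env, depth)
        if isinstance(expr, ast.Call) and isinstance(expr.func, ast.Name):
            name = expr.func.id
            args = [self._taint(a, env, depth) for a in expr.args]
            if name == SOURCE:
                return True
            if name in self.funcs:
                if self.mode == "inter" and depth < 8:   # depth bound guards against recursion
                    return self._analyze(self.funcs[name], args, depth + 1)
                return self.mode == "intra_pessimistic"
            return any(args)   # unknown library call: taint passes through its arguments
        return False

    def _analyze(self, fdef, param_taint, depth):
        """Analyse one function body under the given parameter taint; return taint of its result."""
        env = {p.arg: t for p, t in zip(fdef.args.args, param_taint)}
        ret = False
        for stmt in fdef.body:
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                env[stmt.targets[0].id] = self._taint(stmt.value, env, depth)
            elif isinstance(stmt, ast.Expr):
                if _is_call_to(stmt.value, SINK):
                    if any(self._taint(a, env, depth) for a in stmt.value.args):
                        self.findings.add((fdef.name, stmt.lineno))
                else:
                    self._taint(stmt.value, env, depth)   # follow the call for sinks inside it
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                ret = ret or self._taint(stmt.value, env, depth)
        return ret


def compare(mode):
    """Findings of `mode` on SAMPLE, split into hits, missed flaws and false alarms."""
    found = TaintAnalyzer(SAMPLE, mode).run()
    return {"found": sorted(found),
            "missed": sorted(TRUE_FLAWS - found),
            "false_positives": sorted(found - TRUE_FLAWS)}


if __name__ == "__main__":
    for m in ("intra_optimistic", "intra_pessimistic", "inter"):
        print(m, compare(m))
```

Run stand-alone, the optimistic intraprocedural mode reports nothing (two missed flaws), the pessimistic one reports lines 11 and 13 (one false alarm, line 6 still missed because the call into `store` is never followed), and the interprocedural mode reports exactly lines 11 and 6. The products above do the same kind of per-call-site reasoning over C with far richer summaries, but the imprecision illustrated here is the reason they can afford to be unsound and incomplete where a compiler cannot.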
Here is a link to a site that lists a collection of static analysis tools for C code.