Hosting Provided By

RE: malicious code

From: Konstantin Rozinov <konstantin(at)rozinov.com>
Date: Tue Feb 04 2003 - 23:28:31 EST

Maybe, ITS4 will be of some help. It statically scans C/C++ for certain functions and even does some code analysis to determine risk level.

http://www.cigital.com/its4/
http://www.cigital.com/papers/download/its4.pdf

Konstantin

-----Original Message-----
From: Jeff Williams [mailto:jsquared@erols.com] Sent: Saturday, January 25, 2003 2:14 PM To: secprog@securityfocus.com
Subject: malicious code

Does anyone on the list know of any research in detecting "malicious code"
as opposed to simply inadvertent security screwups? Seems to me that the
best attacks would be very difficult to distinguish from a ordinary mistake.

j2 Received on Wed Feb 5 12:14:31 2003

This message: [ Message body ]
Next message: David Wheeler: "Re: secprog Digest 8 Feb 2003 03:21:18 -0000 Issue 140"
Previous message: security(at)pablowe.net: "Re: ROI for secure software engineering"
In reply to: Jeff Williams: "malicious code"
Reply: David Wheeler: "Re: secprog Digest 8 Feb 2003 03:21:18 -0000 Issue 140"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT