some tools request

[scatter]

Does anyone know an open source code analyser like for buffer overruns and other vulns? thx in advance

[ayu]

Not specifically for detecting vulns, but still good to have

Code: Select all

http://valgrind.org/

[scatter]

thx cats this will help coz am going to review millions of lines of code with my new distro ^ ^

[scatter]

thats a memory bounds checker AFAIK.its run time a bit like a debugger and I don't need a debugger I need a source code analyser :/

[scatter]

found them in case someone oneday will need them
http://spinroot.com/static/" onclick="window.open(this.href);return false;

[DNR]

Its never just one site - it is a collection of sites and then you consider the weight of the results presented by the different tools/scanners. I don't have a third party software running in the background - I just call on them when they are needed. This makes it easier to baseline your system and keep it lean.

Besides online code checkers, I also post the code for others to read - for the zero days

DNR

[scatter]

Yup fact I understand ur point but online code checkers won't help when its about going through thousands of lines of codes, the only good tool I found is made by oracle called Parfait bug checker
http://llvm.org/devmtg/2009-10/Cifuente ... hecker.pdf" onclick="window.open(this.href);return false;
it has a good reputation on internet but it seems they stopped offering it for public and its used internally by Oracle