mailing list archives
Re: Secure Source Code Analysis Parser/Tool
From: Adam Shostack <adam () homeport org>
Date: Tue, 29 Jun 2004 12:34:46 -0400
My bad, PreFIX and preFAST.
On Tue, Jun 29, 2004 at 09:29:48AM -0700, Michael Howard wrote:
| >> And then there are Prefix and Postfix, which are going to be in
| visual studio "whidbey."
| Prefast is in Whidbey Enterprise, beta1 one of which was release today
| There's no tool I know of called Postfix!
| [Writing Secure Code 2nd Edition]
| [Protect Your PC] http://www.microsoft.com/protect
| [Blog] http://blogs.msdn.com/michael_howard
| [Annual Security Training]
| -----Original Message-----
| From: Adam Shostack [mailto:adam () homeport org]
| Sent: Tuesday, June 29, 2004 8:33 AM
| To: Stan Guzik
| Cc: webappsec () securityfocus com
| Subject: Re: Secure Source Code Analysis Parser/Tool
| On Tue, Jun 29, 2004 at 11:04:42AM -0400, Stan Guzik wrote:
| | Hello,
| | Does anyone of an open source secure source code analysis parser/tool?
| | I'm looking for a parser to run on ASP, ASP.NET, VB, and VB.NET. If
| | tool is for another language that's OK. If you don't know of a tool
| | good reference on how to write on is appreciated.
| Its not open source, but FXCop is the most MS oriented source security
| tool I know of. http://www.gotdotnet.com/team/fxcop/ And then there
| are Prefix and Postfix, which are going to be in visual studio
| There's RATS and Splint, which are open source tools for C, which
| aren't ASP, .NET, or VB.