On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
> = What is there for everyone? =
>
> At the moment there are only partial reports from two tools, but the list of
> tools to be evaluated and possibly included goes over twenty.
I would be glad if the tools included some security auditing tools such as:
+ Available as Debian packages
- RATS: security auditing utility for C, C++, PHP, Perl, and Python code
- Flawfinder: securty flaw search tool for C/C++ source code
- Split: a tool for statically checking C programs for bugs
- Jlint: Tool to check Java code for bugs, inconsistencies and
synchronization problems
+ There are some other static security analysis currently not available in
Debian, such as:
- FindBugs: a tool for static analysis of Java code
http://findbugs.sourceforge.net/
- JCSC: Java source code checker - http://jcsc.sourceforge.net/
- PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/
As Debian is getting more java code in now it would be worth it to have some
Jave tools in the toolbox too.
Just my 2cents.
Regards
Javier
Attachment:
signature.asc
Description: Digital signature