List:       debian-devel
Subject:    Re: Introducing the "Debian's Automated Code Analysis" (DACA)
From:       Javier Fernández-Sanguino Peña <jfs () computer ! org>
Date:       2010-12-18 19:07:13
Message-ID: 20101218190713.GA6243 () javifsp ! no-ip ! org

On Thu, Dec 16, 2010 at 12:00:21PM -0600, Raphael Geissert wrote:
> = What is there for everyone? =
> 
> At the moment there are only partial reports from two tools, but the list of 
> tools to be evaluated and possibly included goes over twenty.

I would be glad if the tools included some security auditing tools such as:

 + Available as Debian packages
   - RATS: security auditing utility for C, C++, PHP, Perl, and Python code
   - Flawfinder: security flaw search tool for C/C++ source code
   - Splint: a tool for statically checking C programs for bugs
   - Jlint: Tool to check Java code for bugs, inconsistencies and
     synchronization problems

 + There are some other static security analysis tools currently not
 available in Debian, such as:
   - FindBugs: a tool for static analysis of Java code
        http://findbugs.sourceforge.net/
   - JCSC: Java source code checker - http://jcsc.sourceforge.net/
   - PMD: Tool to review Java code for bugs - http://pmd.sourceforge.net/

 As Debian is getting more Java code in now, it would be worth it to have some
 Java tools in the toolbox too.

 Just my 2 cents.

 Regards

 Javier

Archive: http://lists.debian.org/20101218190713.GA6243@javifsp.no-ip.org

