[Info-vax] A few tools for improving software security
John Dallman
jgd at cix.co.uk
Sat Jan 20 03:10:00 EST 2024
In article <uof4t2$3c1i2$1 at dont-email.me>, arne at vajhoej.dk (Arne Vajhøj)
wrote:
> On 1/19/2024 4:46 PM, John Dallman wrote:
> > Valgrind runs on Unix-like operating systems. I run it on x86-64
> > Linux, which is by far the most-used platform.
>
> Those tools are mostly C/C++ centric right?

* Valgrind works on binaries and has no idea what HLL you used. Most
  fuzzers are the same AFAIK.
* Coverity needs to know about the source language, but it reads
  a lot of them.

> If one would be a little cynical: tools to mitigate those languages'
> lack of the strictness found in other languages.

Coverity tries to do that. Fuzzing detects the ability to overrun buffers,
irrespective of how it's done.

John