My flawfinder home home at http://www.dwheeler.com/flawfinder
links to a number of tools & papers for static source code
analysis to find security flaws.
Until Arian Evans' master list is available at OWASP,
if you're looking for information that might be a
good place to start. (Arian Evans is already aware of this.)
Arian: I suggest that you list not just the tools
themselves, but also (some) papers about the tools.
Many of the people looking at the tools will want to
read reviews of the general technology & of specific tools.
You won't be able to list all papers, but a starting
point for people would be very helpful.
links to a number of tools & papers for static source code
analysis to find security flaws.
Until Arian Evans' master list is available at OWASP,
if you're looking for information that might be a
good place to start. (Arian Evans is already aware of this.)
Arian: I suggest that you list not just the tools
themselves, but also (some) papers about the tools.
Many of the people looking at the tools will want to
read reviews of the general technology & of specific tools.
You won't be able to list all papers, but a starting
point for people would be very helpful.
--- David A. Wheeler
[ reply ]