Re: Source code audit tool from Kenneth R. van Wyk on 2003-10-16 (www-html-editor@w3.org from October to December 2003)

From: Kenneth R. van Wyk <ken@vanwyk.org>
Date: Thu, 16 Oct 2003 08:12:44 -0400
To: secprog@securityfocus.com
Message-Id: <200310160812.44659.ken@vanwyk.org>

On Thursday 16 October 2003 01:33, John Viega wrote:
> There are many more tools listed at:
> https://www.sardonix.org/Auditing_Resources.html and at:
> http://www.secureprogramming.com/

Excellent additions, thanks John.  I should also point out that I forgot to 
mention David Wheeler's superb (and free) document, "Secure Programming for 
Linux and Unix HOWTO" (see http://www.dwheeler.com/secure-programs/
Secure-Programs-HOWTO/index.html).  Although I'm not sure if the original 
poster was writing for Linux/Unix, the section on Java (http://
www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/java.html) is a 
must-read for any Java programmer, IMHO.  Not the automated tool that the 
poster requested, but a wonderful list of guidelines and tips.

Cheers,

Ken van Wyk

Received on Thursday, 16 October 2003 15:49:56 UTC