[Owasp-leaders] Automated Code Review Tools

Marco M. Morana marco.m.morana at gmail.com
Sat Sep 26 09:46:20 EDT 2009


Fabio

 

If you are looking for "code analysis automation tools" as static analysis
tools, SAMATE (NIST) has several papers and methodologies to evaluate static
analysis tools

http://samate.nist.gov/index.php/SAMATE_Publications.html

 

You can look at their tool classification that provides an overview on
scope/capabilities of different tools

http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html

 

Also Jim Bird has a nice blog posting about the static analysis tool
evaluation he did in 2006 for Cigital that included Fortify, Coverity and
Klocwork

http://swreflections.blogspot.com/2009/06/value-of-static-analysis-tools.html

 

Hope this helps

 

Regards

 

Marco M.

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Fabio Cerullo
Sent: Saturday, September 26, 2009 5:05 AM
To: owasp-leaders at lists.owasp.org
Subject: [Owasp-leaders] Automated Code Review Tools

 

hi guys,

have you ever come across a good comparison paper between the different
"Automated Code Review Tools"?

any help is really much appreciated.

thanks!

Fabio
