[Owasp-leaders] Automated Code Review Tools

Fabio Cerullo fcerullo at owasp.org
Sun Sep 27 03:56:06 EDT 2009


Marco,

that's brilliant... you gave me enough to entertain myself the whole weekend
:)

thank you very much,

Fabio

On Sat, Sep 26, 2009 at 2:46 PM, Marco M. Morana
<marco.m.morana at gmail.com>wrote:

>  Fabio
>
>
>
> If you are looking for “code analysis automation tools” as static analysis
> tools,
>
> SAMATE (NIST) has several papers and methodologies to evaluate static
> analysis tools
>
> http://samate.nist.gov/index.php/SAMATE_Publications.html
>
>
>
> You can look at their tool classification that provides an overview on
> scope/capabilities of different tools
>
> http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html
>
>
>
> Also Jim Bird has a nice blog posting about the static analysis tool
> evaluation he did in 2006 for Cigital that included Fortify
>
> Coverty and Klockwork
>
>
> http://swreflections.blogspot.com/2009/06/value-of-static-analysis-tools.html
>
>
>
> Hope this help
>
>
>
> Regards
>
>
>
> Marco M.
>
>
>
> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *Fabio Cerullo
> *Sent:* Saturday, September 26, 2009 5:05 AM
> *To:* owasp-leaders at lists.owasp.org
> *Subject:* [Owasp-leaders] Automated Code Review Tools
>
>
>
> hi guys,
>
> have you ever come across a good comparison paper between the different
> "Automated Code Review Tools"?
>
> any help is really much appreciated.
>
> thanks!
>
> Fabio
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090927/30cc2ef7/attachment.html 


More information about the OWASP-Leaders mailing list