As we check Apache HTTP Server, we see bugs crawling everywhere across the code. But wait! These are not just bugs, but security weaknesses!
PVS-Studio: searching software weaknesses
by Andrey Karpov, Phillip Khandeliants
From the article:
PVS-Studio has always been able to detect a large number of various security defects (potential vulnerabilities) in the program code. However, historically, we positioned PVS-Studio as a tool to search for errors. We see a trend in the software development to look for vulnerabilities in the code, although it is just the same. It seems to us that it is high time to do the rebranding of our static analyzer PVS-Studio. We will start with Common Weakness Enumeration (CWE). This article provides a table that shows matches of PVS-Studio diagnostic warnings of with the classifier. The table will be gradually updated and changed, but we can already use the table to write articles about security defects detected in projects. We suppose it would attract more attention of the software security specialists.
Add a Comment
Comments are closed.