Linked by Thom Holwerda on Tue 19th Jul 2005 19:23 UTC, submitted by Just_A_User
FreeBSD On Tuesday, code-analysis software maker Coverity announced that its automated bug finding tool had analyzed the community-built operating system FreeBSD and flagged 306 potential software flaws, or about one issue for every 4,000 lines of code. The low number of flaws found by the system underscores that FreeBSD's manual auditing by project members has reduced the vulnerabilities in the operating system, said Seth Hallem, CEO of Coverity.
butters
Member since:
2005-07-08

Well, C/C++ are the primary target for most "real" static analysis because it's so easy to write incorrect code. Here's one for Java that seems to check mostly for inefficient code:

http://pmd.sourceforge.net/

This one is a simple C/C++ tool that checks for secure programming, buffer range checking, etc:

http://www.dwheeler.com/flawfinder/

NIST has a list of static source and bytecode checkers for various languages, but not all are open source:

http://samate.nist.gov/

There's PyChecker, JavaChecker, FindBugs and others on sourceforge.

There are slews of Lint-based checkers, both free and nonfree.

And if you maintain an open source project, chances are you can get your source analyzed for free by Coverity or other proprietary static analysis tools if you register on their websites.

Reply Parent Score: 1
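As an added example, not from the comment above or from any of the tools it lists: the unbounded-copy pattern that a C checker such as flawfinder reports as a buffer-range problem, beside a checked version that refuses input that does not fit. The struct and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_MAX_LEN 16

/* Hypothetical record: 'id' sits right after the fixed-size name buffer,
 * so an overflow of 'name' corrupts it. */
struct record {
    char name[NAME_MAX_LEN];
    int  id;
};

/* Flagged pattern: strcpy knows nothing about the destination size, so a
 * source longer than NAME_MAX_LEN-1 writes past 'name'. Shown only to name
 * the pattern a static checker reports; never called with long input here. */
void set_name_unchecked(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* Checked version: measure at most NAME_MAX_LEN bytes, reject anything that
 * would not fit with its terminator, and copy exactly what was measured.
 * Returns 0 on success, -1 if src is too long (record left untouched). */
int set_name_checked(struct record *r, const char *src)
{
    size_t n = strnlen(src, NAME_MAX_LEN);
    if (n >= NAME_MAX_LEN)
        return -1;
    memcpy(r->name, src, n + 1);   /* n + 1 includes the NUL */
    return 0;
}

/* Helper for checking: apply the checked setter to a fresh record and
 * report 1 if the copy succeeded, the name matches and 'id' is intact. */
int checked_copy_ok(const char *src)
{
    struct record r = { "", 42 };
    return set_name_checked(&r, src) == 0 && r.id == 42
           && strcmp(r.name, src) == 0;
}

/* Helper for checking: return code of the checked setter alone. */
int checked_copy_rc(const char *src)
{
    struct record r = { "", 42 };
    return set_name_checked(&r, src);
}

int main(void)
{
    printf("short name ok: %d\n", checked_copy_ok("alice"));
    printf("long name rc:  %d\n", checked_copy_rc("this-name-is-far-too-long"));
    return 0;
}
```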