Sciweavers

ACSAC
2000
IEEE

ITS4: A Static Vulnerability Scanner for C and C++ Code

We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enough to scan C++ code despite the complexities inherent in the language. Using ITS4 we found new remotely exploitable vulnerabilities in a widely distributed software package as well as in a major piece of e-commerce software. The ITS4 source distribution is available at http://www.rstcorp.com/its4.
John Viega, J. T. Bloch, Y. Kohno, Gary McGraw
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2000
Where ACSAC
Authors John Viega, J. T. Bloch, Y. Kohno, Gary McGraw