Theo not impressed somewhere

Posted May 1, 2007 22:33 UTC (Tue) by bluefoxicy (guest, #25366)
Parent article: Coverity to Regularly Scan Security and Quality of 250 Open Source Projects

Ah, this brings back memories of an off-list debate with Theo de Raadt where he directly tried to convince me that such automated software scanning tools were useless, and only manual code review on its own ever produced proper results (i.e. using tools to supplement manual review == bad).


Theo not impressed somewhere

Posted May 2, 2007 8:07 UTC (Wed) by khim (subscriber, #9252)

You need context to compare. Tools like Coverity are indeed almost useless if you want to catch malicious code (== code which does not do what it must do because someone made it this way on purpose), but they are very, very good at catching typos and other stupid errors...
