Code scanning tools do not make software secure

Friday, 27 January 2006, 1:24 PM EST

There has been a lot of press recently about using ‘code scanning’ tools to find security bugs in source code. So I thought I’d share my view on code scanning tools.

Such tools, often called static analysis tools, such as the tools we have included in Visual Studio 2005, are very useful, but they are no replacement for human intellect. If a developer does not know how to code securely, or if a designer does not know how to design secure systems, and testers don’t know how to validate the security-posture of code, tools will provide little, if any, help.

At Michael Howard's blog.

[ Read more ]




Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //