目前IT业界已经在大量使用代码静态分析工具,以便在编码阶段就能够找出可能的编码缺陷。主要有PC-Lint、KlocWork公司的K7、Coverity公司的Prevent、Parasoft公司的Insure++、Fortify Software公司的SCA,以及其它的开源软件及商业工具等,而且也出版了大量的论文和书籍。
参考资料:
[1] Source Code Security Analyzers, [url]https://samate.nist.gov/index.php/Source_Code_Security_Analyzers[/url]
Books:
[1] Automated Defect Prevention: Best Practices in Software Management, [url]http://www.parasoft.com/jsp/pr/books/adp/adp.jsp[/url]
[2] Secure Programming with Static Analysis, [url]http://extra.fortifysoftware.com/blog/2007/07/secure_programming_with_static_1.html[/url]
参考资料:
[1] Source Code Security Analyzers, [url]https://samate.nist.gov/index.php/Source_Code_Security_Analyzers[/url]
Books:
[1] Automated Defect Prevention: Best Practices in Software Management, [url]http://www.parasoft.com/jsp/pr/books/adp/adp.jsp[/url]
[2] Secure Programming with Static Analysis, [url]http://extra.fortifysoftware.com/blog/2007/07/secure_programming_with_static_1.html[/url]
