Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

New static analysis security tool - SCARE

December 1, 2007

Check out SCARE - the Source Code Analysis Risk Evaluation tool - at http://www.isecom.org/scare. It analyzes code (currently only C) to determine a Risk Assessment Value, based on metrics also described at that site - primarily, "reliance on external variables which a user can manipulate as input".

The authors are looking for help in producing a Windows port.

Here’s the original bugtraq post - http://www.securityfocus.com/archive/1/484405/30/0/threaded.

Search:

Archives

Recent Posts

• Inflatable satellite dish
• Microsoft Effective Security Practices whitepapers
• Microsoft Security Awareness Toolkit
• Security B-sides anti-conference
• What If Bill Gates Never Wrote the TwC Memo?

RSS Feed

Blogroll

Security Focus: