Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yeah--it should be a no-brainer. Running such critical code through as many static analysis tools you can get your hands on should be standard practice. I wonder why Coverity and the rest havent taken it upon themselves. I remember a story about Coverity running their tool on random open source projects and emailing them about issues they found. Maybe OpenSSL is too far in the hole to start that now.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: