[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [RFC] QEMU Code Audit Team
|
From: |
Chris Wright |
|
Subject: |
Re: [Qemu-devel] [RFC] QEMU Code Audit Team |
|
Date: |
Fri, 6 Jan 2012 09:25:00 -0800 |
|
User-agent: |
Mutt/1.5.20 (2009-08-17) |
* Corey Bryant (address@hidden) wrote:
> Count me in for step 2. A good approach may be to run a static
> analysis tool against the code, followed by a manual scan of the
> code for common vulnerabilities that static analysis can't find.
Good idea. Folks are already running things like Coverity. The false
positive rate is high enough that it's a lot to wade through at first
(so extra eyes could be quite helpful here). Perhaps the people who
are involved in this could share some of their findings.
thanks,
-chris
- [Qemu-devel] [RFC] QEMU Code Audit Team, Anthony Liguori, 2012/01/06
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Chris Wright, 2012/01/06
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Andreas Färber, 2012/01/06
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Anthony Liguori, 2012/01/06
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Peter Maydell, 2012/01/06
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Stefan Hajnoczi, 2012/01/07
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Kevin Wolf, 2012/01/11
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Anthony Liguori, 2012/01/10
- Re: [Qemu-devel] [RFC] QEMU Code Audit Team, Kevin Wolf, 2012/01/11