I'm sorry, but relying on some statistical analysis tool to "certify code" is utter bullshit. Sure, this thing is useful in finding bonehead mistakes and certainly is a worthy tool, but code that passes cannot be considered defect free. This leads to a serious false sense of security... and a sense of security Coverity is happy to take your money to give you. I really suspect that path-following statistical analysis tools are generally worthless in finding logic errors, and logic errors lead to security problems just as overflows/underruns/pointer mishaps do. I'm not saying Coverity is snake oil; on the contrary, it's a useful tool, but users of it shouldn't make it into more than it is. -- Michael Williamson <mwilliamson@xxxxxxxxxxxxxxxxx>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/