The Coverity product (Coverity Prevent) is a static source code analysis
tool for C and C++, see
http://www.coverity.com/library/pdf/coverity_prevent.pdf.
It isn't actually scanning (or if it is, it isn't analyzing) any of the
scripting code, as far as I can tell.
Michael
-Original
07, 2006 12:17 PM
To: Gavin, Michael; Kenneth R. van Wyk; Secure Coding Mailing List
Subject: RE: [SC-L] ZDNET: LAMP lights the way in open-source security
All of which proves that there are lies, damn lies, and statistics (the
statistic being the lower bug density, which ignores the most
. van Wyk; Secure Coding Mailing List
Subject: RE: [SC-L] ZDNET: LAMP lights the way in open-source security
Yeah, statistics can allow you to say and prove just about anything.
OK, showing my ignorance here, since I haven't checked out any of the
LAMP source trees and reviewed the code: how
-Original Message-
From: Crispin Cowan [mailto:[EMAIL PROTECTED]
Gavin, Michael wrote:
Yeah, statistics can allow you to say and prove just about
anything.
OK, showing my ignorance here, since I haven't checked out any of the
LAMP source trees and reviewed the code: how much of the
/~gem
-Original Message-
From: Gavin, Michael [mailto:[EMAIL PROTECTED]
Sent: Tue Mar 07 16:40:00 2006
To: Crispin Cowan
Cc: Jeremy Epstein; Secure Coding Mailing List
Subject: RE: [SC-L] ZDNET: LAMP lights the way in open-source security
-Original Message-
From