Subject: Re: ITS4 Program
To: Dave Burgess <email@example.com>
From: David Brownlee <firstname.lastname@example.org>
Date: 02/22/2000 17:41:09

Any chance of a package? :)

On Tue, 22 Feb 2000, Dave Burgess wrote:
> I was cruising around on the Internet and came across a really interesting
> program. It's a source code security scanner that can be extended through
> the use of an exploits database. I ran it against the /bin/sh source
> and it identified several 'risky' issues that we may or may not have
> previously identified. I'm giving some thought to running it against the
> entire -current /usr/src/*bin* directory tree and seeing what it says.
> Obviously, the raw output would be overwhelming (as well as incredibly
> noisy) but it might find some interesting things we haven't found in the
> past. Combined with lint, this could be a good double check for the
> NetBSD source code tree.
>
> The program, for anyone else that's interested, is in
> It's available for free for non-commercial use (I think, check the web
> site to find out for sure) but the source code is available and it
> compiles without a hitch on NetBSD-current.
> Dave Burgess