Scanning vs. manual audits of software

Security expert James Turnbull explains why he thinks scanning can't replace manual audits when it comes to detecting bugs and flaws in software.

What are some automated open source tools that can scan for flaws in software?
I am not aware of any open source tools that perform this function. All of the tools I have seen are commercial: Fortify, Coverity and Agitar.

I think it is also important to note that scanning cannot totally replace manual audits. Tools can remove some of the labor involved but cannot replace human intuition in detecting and extrapolating how a bug or flaw might be exploited and/or fixed.
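An added illustration of the point above (this is example code written for this page, not a tool or code from the answer): a minimal pattern-matching scanner, with a hypothetical rule set, run over three constructed C snippets. It flags the kind of thing automation is good at (a call to a known-unbounded API), misses a bounds error that a pattern cannot see, and, when given a cruder heuristic for that bug class, also flags a loop that is actually correct. Deciding which of the two flagged loops is exploitable is exactly the extrapolation step the answer says still needs a human.

```python
"""Added example, not part of the original TechTarget answer.

A toy signature scanner over constructed C snippets. It shows one real
finding, one miss, and one false positive from a looser heuristic.
"""
import re

# Constructed sample snippets (not real project code).
SNIPPET_DANGEROUS_API = """
void copy_name(char *dst, const char *src) {
    strcpy(dst, src);   /* unbounded copy: a signature scanner catches this */
}
"""

SNIPPET_LOGIC_BUG = """
int fill(char *buf, size_t buflen, const char *src) {
    size_t i;
    for (i = 0; i <= buflen; i++) {   /* off-by-one: writes buf[buflen] */
        buf[i] = src[i];
        if (src[i] == '\\0') break;
    }
    return 0;
}
"""

SNIPPET_FALSE_POSITIVE = """
/* caller guarantees buf has room for n + 1 bytes, so i <= n is correct */
void zero_inclusive(char *buf, size_t n) {
    size_t i;
    for (i = 0; i <= n; i++)
        buf[i] = 0;
}
"""

# Hypothetical signature rules: (rule name, regex). Real tools have many more,
# but each still matches a known-bad API or shape, not the intent of the code.
RULES = [
    ("unbounded-strcpy", re.compile(r"\bstrcpy\s*\(")),
    ("unbounded-gets", re.compile(r"\bgets\s*\(")),
    ("unbounded-sprintf", re.compile(r"\bsprintf\s*\(")),
]

# Looser heuristic: any `for (...; x <= y; ...)` loop. Catches the off-by-one,
# but cannot know whether the inclusive bound is wrong for this buffer.
INCLUSIVE_LOOP = re.compile(r"for\s*\([^;]*;\s*\w+\s*<=\s*\w+\s*;")


def scan(source):
    """Return (line_number, rule_name) findings from the signature rules."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


def suspicious_inclusive_loops(source):
    """Return line numbers of `<=`-bounded for loops (a high-noise heuristic)."""
    return [lineno for lineno, line in enumerate(source.splitlines(), start=1)
            if INCLUSIVE_LOOP.search(line)]


if __name__ == "__main__":
    for label, src in [("dangerous api", SNIPPET_DANGEROUS_API),
                       ("logic bug", SNIPPET_LOGIC_BUG),
                       ("correct loop", SNIPPET_FALSE_POSITIVE)]:
        print(label, "signatures:", scan(src),
              "inclusive loops:", suspicious_inclusive_loops(src))
```

The signature rules report the strcpy call and nothing else; the off-by-one in fill() is invisible to them because no dangerous API is named. The inclusive-loop heuristic does flag fill(), but it flags zero_inclusive() just the same, and only someone who reads the caller's allocation can tell which report is a real bug and how far the overwrite reaches.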

This was last published in August 2006