Scanning vs. manual audits of software

Security expert James Turnbull explains why he thinks scanning can't replace manual audits when it comes to detecting bugs and flaws in software.

What are some automated open source tools that can scan for flaws in software?
I am not aware of any open source tools that perform this function. All of the tools I have seen are commercial: Fortify, Coverity and Agitar.

I think it is also important to note that scanning cannot totally replace manual audits. Tools can remove some of the labor involved but cannot replace human intuition in detecting and extrapolating how a bug or flaw might be exploited and/or fixed.

This was first published in August 2006
