On 7/15/2012 3:24 AM, Tom Browder wrote: > On Sun, Jul 15, 2012 at 5:04 AM, Christophe JAILLET > <[email protected]> wrote: >> Hi, >> >> looking around for static analysis tools, I arrived on a commercial software >> that states that is has already found some mistakes in httpd. > > Christophe brings up a good point. Has the httpd project ever had its > code analyzed by Coverity? If not, it should be eligible for a free > scan. See the bottom of this page for a free scan request: > > http://www.coverity.com/products/static-analysis.html
Often. Occasionally someone discovers an actually interesting bit of source which has a potential security implication, and sends us a report on the security@httpd list.
