James Matthews wrote:
> I wish! Fortify software has been tested against many open source
> projects and reported a bunch of false positives. Yes, I know they are
> working to improve the software.... However, I still hold that fuzzing
> will show you some issues that this software cannot.
>
> James

And if you're unsure if that's true ... just look to the Iron Chef fuzzing preso from this year's Black Hat ... fuzzing managed to find a "better" bug, though both approaches (static and dynamic) found a decent bug in the software under test.

Happy New Year!

Jared
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
