I was watching an older video regarding static source code analysis to
make code more secure. I especially enjoyed your comments about SQL
injections and escaping SQL, which all sorts of websites forget to do.

What tools are used in OpenBSD for static source code analysis? I guess
lint is considered one tool? Do you, Ted, use other tools than lint?
This post is not just meant for Ted; of course anyone else could reply
if they know about source code analysis.

Should some of these static source code analysis techniques be merged into
compilers to catch more errors right within the development process,
instead of it being a separate tool?

Advantages of keeping static source code analysis as separate tools:
- keeps the compiler simpler, doesn't add extra code to the compiler
- the source code analysis tool can be used with more than just the one
compiler that has it built in
- source code analysis needs to be configured on a case-by-case basis;
embedding it into the compiler might make things too complex for the user
setting up the compiler

Disadvantages of keeping static analysis separate:
- people are less inclined to use the separate tool and practice proper
coding techniques. Building it into the compiler would force them to write
more secure code on day one.
- people see the tool as an extra option, rather than developing their code
right from day one as an essential.

How to solve the disadvantages:
- ship source code analysis tools with the compiler and encourage people to
use them more so than we do now; keep the tools as separate modules so they
can be developed individually but run together, possibly with
processes/pipes.
- write more books on the topic. I doubt they would be bestsellers though,
since people are more interested in just having their program compile and
run quickly.

--
Regards, Lars

GNG is not GNU
http://gng.z505.com
