Question: would Coverity have found the three security holes in
sendmail 8.12 (and earlier versions)? Are there other source code
analysis tools that would have found those bugs? I know of one
company that did a source code inspection of sendmail and they
admitted that their tool would not have found those bugs
("unfortunately" they analysed only 8.12.11 in which those bugs
were fixed).

Does someone have experience with "good" source code analysis
tools? I tried some lint versions but those require a lot of time
to invest and it's not clear whether there is a good "return" of
that effort.

