At 5:53 PM -0500 4/30/04, jnf wrote:
>hi, simple question that is not very technical in itself- when auditing
>software, I often find it hard to stay focused and follow the code so to
>speak, especially when jumping across X source files and Y functions
>inside of each source file, I was just curious how others cope with such
>things? I've just been using vi/text editors to go through it all and I
>don't really expect there is a solve all answer, but any hints help.
>thoughts?

An external tool like SCA will let you know all the calling sites that invoke a particular function or procedure. That seems critical when evaluating relationships, especially in a more weakly typed language like C*.