The Coverity product (Coverity Prevent) is a static source code analysis
tool for C and C++, see
http://www.coverity.com/library/pdf/coverity_prevent.pdf.
It isn't actually scanning (or if it is, it isn't analyzing) any of the
scripting code, as far as I can tell.
Michael
-Original
07, 2006 12:17 PM
To: Gavin, Michael; Kenneth R. van Wyk; Secure Coding Mailing List
Subject: RE: [SC-L] ZDNET: LAMP lights the way in open-source security
All of which proves that there are lies, damn lies, and statistics (the
statistic being the lower bug density, which ignores the most
-Original Message-
From: Crispin Cowan [mailto:[EMAIL PROTECTED]]
Gavin, Michael wrote:
Yeah, statistics can allow you to say and prove just about
anything.
OK, showing my ignorance here, since I haven't checked out any of the
LAMP source trees and reviewed the code: how much
Architecture is also an overloaded term, often meaning either a design
(the output of architects) or the implementation of certain types of
design (the output of engineers).
Hoping to clarify Chris's comment on architecture flaws: architecture
defects as in the defects in the output produced by