ITS4: A static vulnerability scanner for C and C++ code

ACM Transactions on Information and System Security (2000)

Citations: 631 | Views: 326
Abstract
We describe ITS4, a tool for statically scanning security-critical C source code for vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enough to scan C++ code despite the complexities inherent in the language. Using ITS4 we found new remotely-exploitable vulnerabilities in a widely distributed software package as well as in a major piece of e-commerce software. The ITS4 source distribution is available at http://www.rstcorp.com/its4.
Keywords
technique stake, new remotely-exploitable vulnerability, e-commerce software, software package, new middle ground, static vulnerability scanner, real-time feedback, major piece, false negative, its4 source distribution, security-critical c source code, data security, feedback, information security, writing, source code, buffer overflow, e commerce, real time, computer languages