OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Dag-Erling Smørgrav
des at des.no
Fri Apr 25 21:04:31 UTC 2014
Chad Perrin <code at apotheon.net> writes:
> Do you claim that the Clang static analyzer is essentially worthless for
> finding and fixing security-related bugs because it is more trouble to
> make use of its output than its output is worth, or does it only *seem*
> like that is your claim?
All I was saying is that 70% of this thread is pointless and that some
of the most active participants are talking out of their asses.
I won't address the wall of text in your previous reply except to note
that you misrepresented my position and argued against a claim I never
made.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-security
mailing list