scan . coverity . com

grigi
Posts: 18
Joined: Thu Jun 16, 2005 8:58 pm
Location: Johannesburg, South Africa

Post by grigi »

As Cristan recommended: (Create a new thread)

As we are approaching 0.3 status, I wonder if now is the right time to submit the project to coverity for a scan?

Or should that only be done after the audit is done?

We are already indirectly benefiting from the coverity project via wine, so I guess that code should be excluded.

For those that don't know what I am talking about:
http://scan.coverity.com/
and a description of what coverity does from wine's weekly news:
http://www.winehq.com/?issue=311#Coveri ... ans%20Wine

To my knowledge, joining the coverity project is a long-term (1-2 years?) relationship; therefore it could help to avoid any exploitable regressions.

What say any of the developers?
mxb
Posts: 1
Joined: Sat Apr 23, 2005 7:35 pm

Post by mxb »

Now I'm not a developer, but I do try and audit the reactos source code for vulnerabilities. I currently use a few tools (pscan, flawfinder, rats etc. etc.) to help me but someone still has to audit the code by hand. This takes a lot of time (especially with a couple of hundred megs of source code to get through). Automated code checking can pick up the obvious flaws, but some of the more difficult / obscure ones remain hidden.

I'm just about to create some wiki pages for it, in case anyone would like to help me.

It's a good idea, and everything helps, but running a few tools on it won't suddenly make ReactOS secure.
fireball
Developer
Posts: 358
Joined: Tue Nov 30, 2004 10:40 pm
Location: Moscow, Russia

Post by fireball »

I already sent an email to Scan Coverity project regarding ReactOS. So I will let you know about their reply.
Aleksey Bragin,
ReactOS Project Lead