[24392] in bugtraq
RE: ITS4 from Cigital flawed
daemon@ATHENA.MIT.EDU (Jeremy Epstein)
Sat Feb 23 09:08:44 2002
From: "Jeremy Epstein" <jepstein@webmethods.com>
To: "Gary McGraw" <gem@cigital.com>, <bugtraq@securityfocus.com>
Date: Fri, 22 Feb 2002 12:07:28 -0500
Message-ID: <NDBBICMMIMLFAPJFOHEBEEMIFCAA.jepstein@webMethods.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <51CC94132526754995E79DCF28C0C34D07E9C2@exchange.cigital.com>
> p.s. More relevant technical criticism of ITS4 can be found in John Viega,
> J.T. Bloch, Tadayoshi Kohno & Gary McGraw (2000) ITS4: A Static
> Vulnerability Scanner for C and C++ Code. In the Proceedings of
> ACSAC 2000,
> December, 2000.
Ob-advertisement: This paper (which won the best paper award at the ACSAC
conference) can be found at http://www.acsac.org/2000/abstracts/78.html
On a related note, the call for papers for ACSAC 2002 can be found at
http://www.acsac.org/2002/cfp/. As the past program chair and current
program cmte member, please consider this a solicitation for submissions
from Bugtraq readers....
