[Cryptography] Ada vs Rust vs safer C
Florian Weimer
fw at deneb.enyo.de
Sat Sep 17 12:40:07 EDT 2016
* John Denker:
> Another line of attack is to add /annotations/ to make static
> analysis more effective.
Are there any success stories for C one can actually look at?
(I know there are for SPARK.)
We have some very powerful tools, but my impression is that in order
to use them, I need to manually massage my source code and feed it to
the tool outside of the build process. This may certainly give
important insights, but by its nature, it's just a snapshot (like a
source code audit, or a typical fuzzing effort). What I want is
something that runs as part of the regular build process, just like a
test suite, and that narrows the set of available tools quite
significantly (and most have you deal with license management *yuck*).
More information about the cryptography
mailing list