[Cryptography] I don't get it.
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Apr 17 22:14:03 EDT 2014
Christian Huitema <huitema at huitema.net> writes:
>In the variant of C++ that we use at Microsoft, the "user types 11" scenario
>will absolutely be flagged by static analysis.
Note that the version of PREfast used inside Microsoft is a lot more powerful
than the general-relase one, so the fact that the internal one would find it
doesn't necessarily mean that the one that everyone else uses would.
(The internal-only analysis tools require a lot more expertise to drive, the
released ones are training-wheels versions that won't result in MS getting
flooded in support calls for error messages that developers don't understand).
Peter.
More information about the cryptography
mailing list