Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×

Comment Fortify SCA (Score 2) 88

in my day job I work for Fortify. You can contact the developers of this library and request that they use static analysis product on their software, or request a security review from a 3rd party. We would for sure catch those SQL injections and more. But we would need the original source code. You can probe for things from the binary, but the results don't come back in a way that is very actionable for the developers. As for your predicament: I think you would be better off writing your own library, rather than putting the insecure one to work.
Security

Submission + - Security review summary of NIST SHA-3 round 1-> 1

FormOfActionBanana writes: "The security firm Fortify Software has undertaken an automated code review of the NIST SHA-3 round 1 contestants' (previously Slashdotted) reference implementations. After a followup audit, the team is now reporting summary results.

According to the blog entry, "This just emphasizes what we already knew about C, even the most careful, security conscious developer messes up memory management."

Of particular interest, Professor Ron Rivest's (the "R" in RSA) MD6 team has already corrected a buffer overflow pointed out by the Fortify review. Bruce Schnier's Skein, also previously slashdotted came through defect free."

Link to Original Source

It is impossible to travel faster than light, and certainly not desirable, as one's hat keeps blowing off. -- Woody Allen

Working...