Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Better Software Engineering Practices – Code Inspection
• Pros:
  – Code inspection may catch many buffer overflows that testing won’t
• Cons:
  – Time is money
  – When using vendor software, you can’t do a code inspection if you don’t have the source code
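
Added example, not from the original slides: a constructed C function pair illustrating the "Pros" point. The functional tests use only short, realistic names, so both versions pass them; reading the code is what surfaces the unbounded strcpy. All function names, sizes and sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_LEN 16   /* constructed size for the example */

typedef int (*greet_fn)(const char *name, char *out, size_t out_len);

/* Before: an unbounded copy into a fixed stack buffer. */
int greet_unchecked(const char *name, char *out, size_t out_len)
{
    char buf[NAME_BUF_LEN];
    strcpy(buf, name);   /* inspection finding: nothing bounds strlen(name) */
    return snprintf(out, out_len, "Hello, %s", buf);
}

/* After: reject input that does not fit, then copy. */
int greet_checked(const char *name, char *out, size_t out_len)
{
    char buf[NAME_BUF_LEN];
    size_t n = strlen(name);
    if (n >= sizeof buf)
        return -1;
    memcpy(buf, name, n + 1);   /* n + 1 includes the terminating NUL */
    return snprintf(out, out_len, "Hello, %s", buf);
}

/* A typical functional test suite: realistic, short names only.
 * Returns the number of passing cases (out of 3). */
int run_functional_tests(greet_fn greet)
{
    static const char *names[] = { "Ada", "Grace", "Linus" };   /* constructed */
    char out[64], want[64];
    int passed = 0;
    for (size_t i = 0; i < 3; i++) {
        snprintf(want, sizeof want, "Hello, %s", names[i]);
        if (greet(names[i], out, sizeof out) > 0 && strcmp(out, want) == 0)
            passed++;
    }
    return passed;
}

int main(void)
{
    char out[64];
    printf("unchecked: %d/3 tests pass\n", run_functional_tests(greet_unchecked));
    printf("checked:   %d/3 tests pass\n", run_functional_tests(greet_checked));
    /* 20 characters: only the checked version is safe to call with this. */
    printf("checked, long name: %d\n",
           greet_checked("ABCDEFGHIJKLMNOPQRST", out, sizeof out));
    return 0;
}
```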