Buffer Overflow Defenses. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle.
http://sfsecurity.pr.erau.edu.
Analysis tools - Static
• Examples: Software that searches source code for unsafe library function calls, such as ITS4
• Pros:
  – Can be a very effective tool during code inspection by finding unsafe library function calls and making recommendations
• Cons:
  – Only effective against buffer overflows caused by unsafe standard C library function calls
  – Produces many false positives; only a fraction of the library function calls that are reported are actually unsafe
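An added example, not from the original slides or from the ITS4 project: a minimal lexical scanner in the spirit of such tools that flags calls to a few unsafe libc functions in a constructed C source file. It shows a true positive (gets), a false positive (a strcpy of a literal that fits), and an off-by-one loop the approach cannot see, which is the "only unsafe library calls" limitation. The function table, advice strings and sample source are assumptions made for this illustration.

```python
import re

# Constructed subset of the unsafe libc calls a tool like ITS4 reports (assumption).
UNSAFE_CALLS = {
    "gets": "unbounded read; use fgets() with a size limit",
    "strcpy": "no destination bound; check lengths or use strlcpy()/strncpy()",
    "strcat": "no destination bound; check lengths or use strlcat()/strncat()",
    "sprintf": "no output bound; use snprintf()",
}

# Match a bare identifier from the table followed by '(' (so 'fgets(' does not match 'gets(').
CALL_RE = re.compile(r"\b(" + "|".join(UNSAFE_CALLS) + r")\s*\(")

# String literals, // comments and single-line /* */ comments: text there is not a call.
NOISE_RE = re.compile(r'"(?:\\.|[^"\\\n])*"|//.*|/\*.*?\*/')


def strip_noise(line):
    """Blank out string literals and comments so names inside them cannot match."""
    return NOISE_RE.sub(lambda m: '""' if m.group(0).startswith('"') else " ", line)


def scan_source(source):
    """Return (line_number, function, advice) for every unsafe call found."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in CALL_RE.finditer(strip_noise(line)):
            fn = m.group(1)
            findings.append((lineno, fn, UNSAFE_CALLS[fn]))
    return findings


# Constructed sample C program used as scanner input.
SAMPLE_C = """\
#include <stdio.h>
#include <string.h>

int main(void) {
    char name[64];
    char greeting[8];
    gets(name);                                  /* unbounded read: real bug */
    strcpy(greeting, "hi");                      /* literal fits: flagged, but safe */
    for (int i = 0; i <= 64; i++) name[i] = 0;   /* off-by-one write: not a libc call, unseen */
    puts("never call strcpy() blindly");         /* name inside a string literal */
    // gets(name) mentioned only in a comment
    return 0;
}
"""

if __name__ == "__main__":
    for lineno, fn, advice in scan_source(SAMPLE_C):
        print(f"line {lineno}: {fn}() - {advice}")
```

The report lists lines 7 and 8 only: one of the two hits is a false positive, and the overflow on line 9 is missed entirely.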