[tor-dev] Source Code Static Analisys

Nick Mathewson nickm at alum.mit.edu
Sun Apr 28 00:52:18 UTC 2013

On Sat, Apr 27, 2013 at 7:16 PM, Ulises Cuñé <ulises2k at gmail.com> wrote:
> I want colaborate with Tor project.
> I send a document of analys source code about the lasted version

Well, looks like I'm spending my evening combing through this thing
looking for true-positives.  If you find any that aren't
false-positives --- particularly security-relevant ones --- please
send me a gpg-encrypted mail or something.  Sending them to the
mailing list like this isn't so great.

(Does the Fortify license actually let you do this? I thought most
tools like this were a little picky about what code you could run them
on, and what you could do with the results.)

best wishes,

More information about the tor-dev mailing list