[tor-dev] Source Code Static Analisys
Nick Mathewson
nickm at alum.mit.edu
Sun Apr 28 00:52:18 UTC 2013
On Sat, Apr 27, 2013 at 7:16 PM, Ulises Cuñé <ulises2k at gmail.com> wrote:
> I want colaborate with Tor project.
>
> I send a document of analys source code about the lasted version
Well, looks like I'm spending my evening combing through this thing
looking for true-positives. If you find any that aren't
false-positives --- particularly security-relevant ones --- please
send me a gpg-encrypted mail or something. Sending them to the
mailing list like this isn't so great.
(Does the Fortify license actually let you do this? I thought most
tools like this were a little picky about what code you could run them
on, and what you could do with the results.)
best wishes,
--
Nick
More information about the tor-dev
mailing list