Comment 12V Most of these problems already have partial solutions

Story

OpenSSL bug sparks new development

Preview

Most of these problems already have partial solutions (Score: 4, Informative)

by fatphil@pipedot.org on 2014-04-15 14:08 (#12V)

Whilst it doesn't apply to heartbleed, a large number of problems can be detected with static analysis.

OK, Coverity doesn't (yet) spot heartbleed, but it soon will:
http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html

OpenSSL have a history of deliberately ignoring the results of such scans:
http://openssl.6102.n7.nabble.com/Coverity-coverage-of-OpenSSL-td42651.html

I agree that the false positives are annoying, but you can mark them as false positives, and you won't be warned about them again.

Moderation

Time Reason Points Voter
2014-04-15 15:34 Informative +1 fishybell@pipedot.org
2014-04-15 15:52 Informative +1 kerrany@pipedot.org
2014-04-16 12:16 Informative +1 nightsky30@pipedot.org
