Veracode static analysis results

Daniel Atallah daniel.atallah at
Wed Dec 5 16:24:13 EST 2012

On Wed, Dec 5, 2012 at 4:22 PM, Ethan Blanton <elb at> wrote:
> Chris Wysopal spake unto us the following wisdom:
>> A customer asked us to analyze Pidgin using our static analyzer.  Our
>> responsible disclosure policy is to inform you of any findings so that
>> you may have the chance to review, comment, and/or fix the issues.
>> I think the software performed very well on our analysis but there are
>> a few issues we have found.  Attached is our full report. You can find
>> the description of the issues found on pages 10-15. We found 1 Very
>> High criticality. 5 Medium, and 47 low. Here is a summary.
> OK, here's my fifteen minute analysis of the bugs.  There's only one I
> think I'd really worry about.  I've not Cc'd veracode, we can send
> them our final conclusions.

Am I the only one who still hasn't gotten the attachment?


More information about the security mailing list