Veracode static analysis results
Daniel Atallah
daniel.atallah at gmail.com
Wed Dec 5 16:24:13 EST 2012
On Wed, Dec 5, 2012 at 4:22 PM, Ethan Blanton <elb at pidgin.im> wrote:
> Chris Wysopal spake unto us the following wisdom:
>> A customer asked us to analyze Pidgin using our static analyzer. Our
>> responsible disclosure policy is to inform you of any findings so that
>> you may have the chance to review, comment, and/or fix the issues.
>>
>> I think the software performed very well on our analysis but there are
>> a few issues we have found. Attached is our full report. You can find
>> the description of the issues found on pages 10-15. We found 1 Very
>> High criticality. 5 Medium, and 47 low. Here is a summary.
>
> OK, here's my fifteen minute analysis of the bugs. There's only one I
> think I'd really worry about. I've not Cc'd veracode, we can send
> them our final conclusions.
Am I the only one who still hasn't gotten the attachment?
-D
More information about the security
mailing list