Finding Security Vulnerabilities Before Evildoers Do

David Evans
Conferencia Internacional de Software Libre (Open Source International Conference)
Malaga, Spain
20 February 2004

Abstract
Most security attacks exploit instances of well-known classes of implementation flaws. Many of these flaws could be detected and eliminated before software is deployed. This paper describes open source tools that programmers can use to identify likely security vulnerabilities in programs before they are released.

Paper (6 pages) [PDF]

Talk slides: [OpenOffice] [PPT]
Splint Project Page
Malaga Pictures