Statically Detecting Likely Buffer Overflow Vulnerabilities

"1988:"

Why aren’t we better off than we were 13 years ago?

Automated Tools

Design Goals

Our approach

Implementation

Annotations

SecurityFocus.com Example

Warning Reported

Overview of checking

Loop Heuristics

Case studies

Results

wu-ftpd vulnerability

Related Work

Impediments to widespread adoption

Conclusion