Scanning vs. manual audits of software

Security expert James Turnbull explains why he thinks scanning can't replace manual audits when it comes to detecting bugs and flaws in software.

What are some automated open source tools that can scan for flaws in software?
I am not aware of any open source tools that perform this function. All of the tools I have seen are commercial: Fortify, Coverity and Agitar.

I think it is also important to note that scanning cannot totally replace manual audits. Tools can remove some of the labor involved but cannot replace human intuition in detecting and extrapolating how a bug or flaw might be exploited and/or fixed.
