I haven't used any commercial dynamic or static source code analysis tools, and most of them claim that they can find security bugs in the code using an automated procedure. It would be quite impressive if they could deliver that. The way I understood it is that they have some knowledge base and look for pre-defined signatures like an inline strcpy. Some of these tools include Klocwork, Ounce Labs, Fortify Software, etc.
If someone has used them before and can share their experience, that would be great. Any pointers to related freeware tools and information will be much appreciated.
Cheers
Morph
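As an added illustration of the signature approach the post describes (this is example code written for this page, not the engine of Klocwork, Fortify, Ounce Labs or any other product named above): a minimal Python scanner that looks for calls to a fixed table of risky C functions. The signature table, the severities and the sample C source are constructed for the example. It masks comments and string literals first so that the word "strcpy" in a comment is not reported, and it deliberately includes a size-safe strcpy in the sample to show the approach's built-in weakness: it matches names, not data flow, so the safe call is reported alongside the real one.

```python
import re
import sys

# Illustrative signature table (constructed for this example, not a vendor's
# knowledge base): function name -> (severity, reason / safer alternative).
SIGNATURES = {
    "strcpy":  ("high",   "unbounded copy; use strlcpy or snprintf with a size"),
    "strcat":  ("high",   "unbounded append; use strlcat or check remaining space"),
    "sprintf": ("high",   "unbounded format; use snprintf"),
    "gets":    ("high",   "no length limit at all; use fgets"),
    "scanf":   ("medium", "%s without a width overflows; add a width or use fgets"),
    "strncpy": ("low",    "may leave dst unterminated; write the NUL explicitly"),
}

# \b stops my_strcpy matching; the trailing \s*\( stops strcpy_s matching.
CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, SIGNATURES)) + r")\s*\(")


def mask_comments_and_strings(src: str) -> str:
    """Blank out comment and string/char literal bodies with spaces.

    Newlines are preserved so line numbers in the masked text still line up
    with the original source.
    """
    out, i, n, state = [], 0, len(src), "code"
    while i < n:
        c = src[i]
        nxt = src[i + 1] if i + 1 < n else ""
        if state == "code":
            if c == "/" and nxt == "/":
                state, i = "line", i + 2; out.append("  "); continue
            if c == "/" and nxt == "*":
                state, i = "block", i + 2; out.append("  "); continue
            if c in "\"'":
                state = "str" if c == '"' else "chr"
            out.append(c); i += 1; continue
        if state == "line":
            if c == "\n":
                state = "code"
            out.append(c if c == "\n" else " "); i += 1; continue
        if state == "block":
            if c == "*" and nxt == "/":
                state, i = "code", i + 2; out.append("  "); continue
            out.append(c if c == "\n" else " "); i += 1; continue
        # inside a string or char literal: keep the delimiters, blank the body
        quote = '"' if state == "str" else "'"
        if c == "\\":                       # escape sequence, skip both chars
            out.append(" " + ("\n" if nxt == "\n" else " ")); i += 2; continue
        if c == quote:
            state = "code"
        out.append(c if c in (quote, "\n") else " "); i += 1
    return "".join(out)


def scan(src: str):
    """Return [(line_no, function, severity, reason, source_line), ...]."""
    masked = mask_comments_and_strings(src)
    findings = []
    for line_no, (raw, clean) in enumerate(zip(src.split("\n"), masked.split("\n")), 1):
        for m in CALL_RE.finditer(clean):
            sev, why = SIGNATURES[m.group(1)]
            findings.append((line_no, m.group(1), sev, why, raw.strip()))
    return findings


# Constructed sample input: the scanner has no idea that the "ok" copy fits.
SAMPLE_C = r'''
#include <stdio.h>
#include <string.h>

/* strcpy in a comment must not be reported */
void greet(const char *name) {
    char buf[32];
    printf("calling strcpy() is risky\n");  // literal and comment are masked
    strcpy(buf, name);                      /* real unbounded copy */
    strcpy(buf, "ok");                      /* fits in buf, still flagged */
    my_strcpy(buf, name);                   /* different identifier, not matched */
    gets(buf);
}
'''

if __name__ == "__main__":
    # Scan files given on the command line, or the embedded sample if none.
    sources = [(p, open(p).read()) for p in sys.argv[1:]] or [("sample.c", SAMPLE_C)]
    for path, text in sources:
        for line_no, fn, sev, why, line in scan(text):
            print(f"{path}:{line_no}: [{sev}] {fn}: {why}\n    {line}")
```

Run it with no arguments to scan the embedded sample; it reports both strcpy calls and the gets call, and nothing for the comment or the string literal. Flawfinder is a free tool that works on essentially this principle (a database of risky C/C++ function names with severity ranks), and the example shows why such output still needs a human: the safe strcpy is a false positive, and a true overflow through a perfectly named wrapper would be a false negative.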