[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Coverity Scan for GNUstep?
From: |
Ivan Vučica |
Subject: |
Re: Coverity Scan for GNUstep? |
Date: |
Mon, 15 Jan 2018 01:50:37 +0000 |
I don't recall it, but it seems like a good idea.
I don't have a preference. Perhaps particular project's maintainer? Or
perhaps we can (instead of a single person) have a closed-off security
discussion list, with a limited number of invite-only participants?
Can we do that on gnu.org?
Do you feel like setting this up?
On Sun, Jan 14, 2018 at 6:54 PM, Fred Kiefer <address@hidden> wrote:
> I remember we talked about this before, maybe at the Dublin meeting. There is
> the option to set up GNUstep on scan.coverity.com to have the code
> automatically checked for known vulnerabilities. At the time we did discuss
> this there wasn’t support for Objective-C but this seems to have been added:
>
> https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/CWE-CC-Objective-C.pdf
>
> What are your opinions on this? In the beginning it will require some extra
> effort to fix the found weaknesses and somehow to flag the false positives.
> And who should be in charge of getting the reports? The idea here is that
> only the person registered for the project will get the report to prevent
> 0-day issues becoming public too soon.
>
> Fred
> _______________________________________________
> Gnustep-dev mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/gnustep-dev
- Coverity Scan for GNUstep?, Fred Kiefer, 2018/01/14
- Re: Coverity Scan for GNUstep?,
Ivan Vučica <=
- Re: Coverity Scan for GNUstep?, Fred Kiefer, 2018/01/15
- Re: Coverity Scan for GNUstep?, Ivan Vučica, 2018/01/16
- Re: Coverity Scan for GNUstep?, Fred Kiefer, 2018/01/21
- Re: Coverity Scan for GNUstep?, David Chisnall, 2018/01/21
- Re: Coverity Scan for GNUstep?, Ivan Vučica, 2018/01/21
- Re: Coverity Scan for GNUstep?, Fred Kiefer, 2018/01/21
- Re: Coverity Scan for GNUstep?, Ivan Vučica, 2018/01/21
- Re: Coverity Scan for GNUstep?, Fred Kiefer, 2018/01/21