
Submission Ask Slashdot: Reviewing 3rd Party Libraries

Carcass666 writes: It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.

My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
