Ask Slashdot: Reviewing 3rd Party Libraries

Submitted by Carcass666
Carcass666 writes: It is usually good to use existing libraries, rather than reinventing the wheel, especially with open source. Unfortunately, sometimes we have to work with closed source implementations. Recently, we were diagnosing a .NET assembly and, after getting nowhere with the vendor, ran it through a decompiler. The code was a morass of SQL concatenation, sloppy type conversions, and various things that are generally thought of as insecure.

My question is: What are Slashdot readers' preferred tools for analyzing .NET and Java compiled libraries (not source code) for potential security vulnerabilities? Ideally, I would like to know if a library is a security liability before I code against it. For example, Microsoft used to have something called FxCop, but it hasn't been updated for current versions of the .NET framework.