A plethora of static analysis tools makes it possible to write code that's "safe enough", I would imagine, for some value of "safe enough".



Now if people would actually use them.

> Which of the following tools do you or your team use for guideline enforcement or other code quality or analysis?

https://www.jetbrains.com/lp/devecosystem-2020/cpp/

With the best value being 36%.


Then why have we seen ITW exploits against Chrome, or Linux? These are C and C++ codebases that undergo tons of static analysis and testing - tons of research goes into both of those projects to make them safer.

Still vulns. Still exploits.


Don't forget sanitizers combined with comprehensive test suites. I would always recommend doing both static and dynamic analysis.
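As an added illustration of what "sanitizers plus a test suite" buys you, here is a small C example that is not part of this thread or of any project mentioned in it. It defines a constructed length-prefixed record format, a bounds-checked parser for it, and a table-driven unit test; the `DEMO_UNCHECKED` build switch, the record layout and the test inputs are all assumptions made for this example. Built normally, the test table exercises the checked parser. Built with `-DDEMO_UNCHECKED -fsanitize=address,undefined`, the same table drives the unchecked variant and ASan turns the oversized-payload case into a `stack-buffer-overflow` report, which is the point the comment above makes: a static checker may or may not flag the missing bounds check, but a sanitizer under a test that feeds malformed input will.

```c
/* record_parse.c: a tiny length-prefixed record parser with the kind of unit
   test that, run under ASan/UBSan, turns a silent overflow into a hard failure.
   Build:  cc -fsanitize=address,undefined -g record_parse.c && ./a.out
   The record format and the test inputs below are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_CAP 8   /* fixed-size destination buffer, deliberately small */

/* Parse a record: byte 0 is the payload length, bytes 1.. are the payload.
   Copies the payload into out[out_cap]. Returns bytes copied, or -1 if the
   record is malformed or the payload would not fit. */
int parse_record(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < 1)
        return -1;
    size_t n = rec[0];
    if (n > rec_len - 1)      /* length byte claims more payload than the record holds */
        return -1;
    if (n > out_cap)          /* payload would overrun the destination buffer */
        return -1;
    memcpy(out, rec + 1, n);
    return (int)n;
}

#ifdef DEMO_UNCHECKED
/* The same parser with the bounds checks left out (assumed "before" state for
   this demo). Build with -DDEMO_UNCHECKED -fsanitize=address: the oversized
   test case below then produces a stack-buffer-overflow report instead of
   silently corrupting the stack. */
int parse_record_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    (void)out_cap;
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    memcpy(out, rec + 1, n);  /* trusts n: may read past rec and write past out */
    return (int)n;
}
#define PARSE parse_record_unchecked
#else
#define PARSE parse_record
#endif

/* One test case: an input record and the result the parser must return. */
struct test_case {
    const char *name;
    uint8_t rec[20];
    size_t rec_len;
    int expect;
};

/* Runs the constructed cases through PARSE; returns the number of failures. */
int run_tests(void)
{
    static const struct test_case cases[] = {
        { "valid 3-byte payload",        { 3, 'a', 'b', 'c' },                    4, 3  },
        { "empty payload",               { 0 },                                   1, 0  },
        { "length exceeds record",       { 5, 'a', 'b' },                         3, -1 },
        { "payload exceeds destination", { 12, 1,2,3,4,5,6,7,8,9,10,11,12 },     13, -1 },
        { "zero-length record",          { 0 },                                   0, -1 },
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        uint8_t out[PAYLOAD_CAP] = {0};
        int got = PARSE(cases[i].rec, cases[i].rec_len, out, sizeof out);
        if (got != cases[i].expect) {
            printf("FAIL %s: expected %d, got %d\n", cases[i].name, cases[i].expect, got);
            failures++;
        }
    }
    return failures;
}

int main(void)
{
    int failures = run_tests();
    printf("%d failure(s)\n", failures);
    return failures != 0;
}
```

The "length exceeds record" case shows why the test table matters even without a sanitizer: the unchecked parser reads inside the 20-byte `rec` array, so ASan stays quiet, but the returned length of 5 still fails the expected-value check. The "payload exceeds destination" case is the one only the sanitizer reports reliably, since a 12-byte write into an 8-byte stack buffer may not crash on its own.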