I missed this blurb on the SANS website earlier, but while I was re-reading, it caught my eye.
According to http://www.sans.org/top25errors/#s2, "one of the leading software testing vendors is announcing that its software will be able to test for and report on the presence of a large fraction of the Top 25 Errors."
Mike Fratto from Information Week says (http://www.informationweek.com/blog/main/archives/2009/01/cwesans_top_25.html) that even if such tools exist, a programmer will not run them because of how complex they are to run.
I for one applaud any extra testing tools, as I mentioned in my first post. All they need to do to make it easier is to develop an Eclipse plug-in that a developer could right-click on and say "Run". Or build it into CodePro.