Topics

possible help to ensure security of NVDA


J.G
 

Hello,

this post may have been seen as spam or ad, but I wanted only to help. I'm sure, that you, coders and developers also take care of security. I just want to offer you one choice more to verify, that all libraries, that NVDA oses, are secure.

https://github.com/GrammaTech/swap-detector

best regards,
Jožef


 

Hi,

What’s the actual purpose of this library? Does it check issues other than argument swaps? My initial impression is that it doesn’t actually check what are typically called “security bugs” such as buffer overflow, stack overflow, detecting shell codes and insecure code paths, to name a few.

Cheers,

Joseph

 

From: nvda-devel@groups.io <nvda-devel@groups.io> On Behalf Of J.G
Sent: Thursday, September 3, 2020 5:57 PM
To: nvda-devel@groups.io
Subject: [nvda-devel] possible help to ensure security of NVDA

 

Hello,

this post may have been seen as spam or ad, but I wanted only to help. I'm sure, that you, coders and developers also take care of security. I just want to offer you one choice more to verify, that all libraries, that NVDA oses, are secure.

https://github.com/GrammaTech/swap-detector

best regards,
Jožef


Bill Dengler
 

I just finished an internship at GrammaTech!

The tool you want for security (and just general static analysis) is Code Sonar, which I happened to work on during my time there.

It’s extremely powerful, but proprietary and a licence would almost definitely be paid.

 

Thanks,

Bill

From: nvda-devel@groups.io <nvda-devel@groups.io> On Behalf Of Joseph Lee
Sent: Thursday, 3 September 2020 21:01
To: nvda-devel@groups.io
Subject: Re: [nvda-devel] possible help to ensure security of NVDA

 

Hi,

What’s the actual purpose of this library? Does it check issues other than argument swaps? My initial impression is that it doesn’t actually check what are typically called “security bugs” such as buffer overflow, stack overflow, detecting shell codes and insecure code paths, to name a few.

Cheers,

Joseph

 

From: nvda-devel@groups.io <nvda-devel@groups.io> On Behalf Of J.G
Sent: Thursday, September 3, 2020 5:57 PM
To: nvda-devel@groups.io
Subject: [nvda-devel] possible help to ensure security of NVDA

 

Hello,

this post may have been seen as spam or ad, but I wanted only to help. I'm sure, that you, coders and developers also take care of security. I just want to offer you one choice more to verify, that all libraries, that NVDA oses, are secure.

https://github.com/GrammaTech/swap-detector

best regards,
Jožef