Rob Caron

Developer-related topics and other stuff.

Get to Know the VSTS Native C/C++ Code Analyzer

With all the attention given to Team Foundation Server lately, I haven’t spent much time keeping up with Team Suite and its constituent features. This article on developer.com by Nick Wienholt takes a brief look at the C/C++ native code analysis tools found in Team Suite and Team Edition for Developers.

The key to real security is to have multiple layers of defense. Relying solely on runtime library improvements to guard against coding patterns that can lead to buffer overruns and other security vulnerabilities is not sufficient. This article examines the Static Code Analyzer that ships with Visual Studio Team System (VSTS), Developer Edition, and explains how it can detect common security issues in native C/C++ code.

From: Get to Know the VSTS Native C/C++ Code Analyzer
Via: Eric Jarvi's blog
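
As an added illustration (not code from the article or from the VSTS analyzer; NAME_LEN and the function names are my own), here is the unchecked fixed-buffer copy that such a tool reports as a potential buffer overrun, beside a bounded version that relates the input length to the destination size:

```c
#include <stddef.h>
#include <string.h>

/* Constructed illustration, not code from the article or from VSTS:
 * a fixed-size destination written from caller-controlled input, in the
 * unchecked form a static analyzer reports and in a bounded form. */

#define NAME_LEN 16

/* Unchecked: nothing relates the length of src to the 16-byte dst, so an
 * input of 16 or more characters writes past the end of the buffer.
 * This is the pattern the analyzer's buffer-overrun checks flag. */
void copy_name_unchecked(char dst[NAME_LEN], const char *src)
{
    strcpy(dst, src);
}

/* Checked: refuse any input that does not fit together with its NUL
 * terminator; dst is left as an empty string so it is never unterminated.
 * Returns 1 when the copy was made, 0 when src was rejected. */
int copy_name_checked(char dst[NAME_LEN], const char *src)
{
    size_t n = strlen(src);
    if (n >= NAME_LEN) {
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);   /* n + 1 <= NAME_LEN, so this stays in bounds */
    return 1;
}

/* Convenience wrapper for exercising the checked copy with a local
 * buffer: returns 1 if src fitted and was copied intact, 0 otherwise. */
int name_fits(const char *src)
{
    char buf[NAME_LEN];
    if (!copy_name_checked(buf, src))
        return 0;
    return strcmp(buf, src) == 0;
}
```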

  • It would be nice if the stupid thing wasn't full of false positives.

    e.g.
    // some header
    struct foo {
      int name;
      /* ... */
    };
    // some source file
    int bar(int name)
    {
      return name;
    }

    generates a warning about the first "name" being hidden in function bar by the scoping of the second "name".

    Makes it hard to trust a tool like this if you want to fix an old, large codebase. Are you going to end up spending your time on false positives or on real bugs?
