[erlang-questions] Automated Code Scanning of Erlang Source for Security

Eric Merritt
Sat Jul 7 00:07:20 CEST 2007


Over the last month or so I have come across a need for a security
scanning tool. There isn't any point in asking why; it really wouldn't
matter anyway. In any case, no tool like this seems to exist. I think
the reason for that is that the simple problems these tools detect
generally don't exist in Erlang. I was sitting down, trying to come up
with a list of possible detectable defects in preparation for writing
my own scanner or extending Dialyzer. The only problems I could think
of were use of eval and related constructs and SQL injection style
attacks. Other than that I can't think of a single thing.

So here is my question, finally. What type of, possibly detectable,
security issues are related to Erlang? aside from the ones already

