[erlang-questions] Automated Code Scanning of Erlang Source for Security

Eric Merritt cyberlync@REDACTED
Sat Jul 7 00:07:20 CEST 2007


Guys,

 Over the last month or so I have come across a need for a security
scanning tool. There isn't any point in asking why, it really wouldn't
matter anyway. In any case, no tool like this seems to exist. I think
the reason for that is because the simple problems these tools detect
generally don't exist in Erlang. I was sitting down, trying to come up
with a list of possible detectable defects in preparation for writing
my own scanner or extending Dialyzer. The only problems I could think
of were use of eval and related constructs and SQL injection style
attacks. Other than that I can't think of a single thing.

So here is my question, finally. What type of, possibly detectable,
security issues are related to Erlang, aside from the ones already
mentioned?

Thanks,
 Eric


