[erlang-questions] Security scanning tools for Erlang?

Technion technion@REDACTED
Thu Oct 27 07:38:40 CEST 2016


Erlang itself does.

But unless your own apps have C code, it's typically out of scope of these "your application must be scanned by a static analyser" type requirements. And if there was C in this discussion, we wouldn't have an issue with Fortify being unacceptable.

From: Sergej Jurečko <sergej.jurecko@REDACTED>
Sent: Thursday, 27 October 2016 4:23:22 PM
To: Technion
Cc: erlang-questions
Subject: Re: [erlang-questions] Security scanning tools for Erlang?

On 27 Oct 2016, at 07:15, Technion <technion@REDACTED> wrote:

I think the difficulty here is defining what such a tool would ever evaluate.

Erlang is memory safe, so the myriad of tooling for C just doesn't make sense.

Erlang runs on top of a large amount of C code.
