Don't static analyzers catch a lot of these bugs these days? (if one can be both... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		HairyFotr on Oct 20, 2013 \| parent \| context \| favorite \| on: Facebook CSRF leading to full account takeover (fi... Don't static analyzers catch a lot of these bugs these days? (if one can be bothered to configure and use them)

wglb on Oct 20, 2013 | [–]

And wade through a forest of false positives.

meowface on Oct 20, 2013 | [–]

They do. And I imagine Microsoft employs static analyzers very frequently.

They can't always catch everything, though.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact