[ntp:security] Klocwork Analysis of your code

Danny Mayer mayer at ntp.org
Thu Jun 26 18:17:00 UTC 2008

We are always interested in bugs that show up in analysis tools. You can 
use this email address for reports if they are security related or you 
can file them in our bug reporting system: http://bugs.ntp.org/ 
whichever you prefer. Putting them in yourself will guarantee that your 
name is associated with the bug report. Please note that it is very 
important that we know the version of ntp that you tested again as it is 
constantly changing.


Ragaeeb Haq wrote:
> Hello,
> I’m from Klocwork, a static source code analysis tool that identifies 
> bugs, potential security vulnerabilities and other issues in your 
> code.  Klocwork regularly analyzes open source projects, and recently 
> ran our latest release, Klocwork Insight 8.0 against a number of 
> prominent open source projects, including yours.  Our analysis results 
> did identify a number of issues that should be reviewed by the project 
> maintainers.  Obviously, as part of this process we always first share 
> the results with the key project contributors which is the reason for 
> this email.    
> Who would be the appropriate person to provide access to the results?  
> If you could provide a contact name/email address we would then provide 
> login access to the results through our hosted web portal.  If you do 
> decide to review the results and if any make their way into your bug 
> queue, all we ask is you provide appropriate acknowledgement to Klocwork 
> - something along the lines of "bug found by Klocwork static analysis tool".
> Thank you,
> Ragaeeb Haq
> **Klocwork**
> Professional Services
> 613-836-8899x323
> Ragaeeb.Haq at klocwork.com <mailto:Ragaeeb.Haq at klocwork.com>
> http://www.klocwork.com

More information about the security mailing list