It is generally desirable to correct defects in source code that adversely affect the operation of software products. Source code defects that alter how information is stored during execution of a software product, such as defects that cause buffer overflow errors, have the potential to disrupt the secure operation of the software product. For example, third parties may exploit buffer overflow errors to gain unauthorized access to a computer system or network, accessing confidential data or introducing dangerous or disruptive programs such as virus programs, worm programs, and Trojan horse programs.
Software developers have a wide variety of tools and techniques for analyzing, describing, or documenting the behavior of software and for testing the integrity of source code throughout the product development process. Such tools and techniques are used, among other things, to identify source code defects, such as defects that cause buffer overflow errors, some of which represent threats to the secure operation of software products.
The size and complexity of most commercially valuable software products, however, make detecting and reviewing every such source code defect impractical. Moreover, some programming languages (such as C and C++) have few built-in provisions for managing buffers or buffer lengths, so applying typical tools and techniques to find source code defects that result in buffer overflow errors may flag a number of source code defects too large to be actionable.
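The following added example (not part of the original text) illustrates the point about C having no built-in notion of buffer length: a function receiving a raw `char *` cannot recover the size of the buffer behind it, so any bound must be carried alongside the pointer explicitly. The `bounded_buf` type and its functions are this example's own constructs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A raw char* carries no record of how large the buffer behind it is:
 * inside this function sizeof(dst) is the size of the pointer itself,
 * not the number of bytes the caller allocated, so the callee has no
 * built-in way to check bounds. */
size_t apparent_size_of_pointer(char *dst) {
    return sizeof(dst);
}

/* Hypothetical buffer type (this example's own, not from the page) that
 * pairs the storage with its capacity so every copy can be bounds-checked. */
typedef struct {
    char *data;
    size_t capacity;   /* bytes available, including the terminating NUL */
} bounded_buf;

/* Copy src into buf, refusing input that would not fit rather than
 * writing past the end. Returns 0 on success, -1 when rejected. */
int bounded_copy(bounded_buf *buf, const char *src) {
    size_t len = strlen(src);
    if (buf->data == NULL || buf->capacity == 0 || len >= buf->capacity)
        return -1;
    memcpy(buf->data, src, len + 1);
    return 0;
}

/* Exercise both paths on an 8-byte buffer (constructed sample input).
 * Returns 1 when the fitting copy succeeds, the oversized copy is
 * rejected, and the buffer is left intact. */
int check_bounded_copy(void) {
    char storage[8];
    bounded_buf buf = { storage, sizeof storage };
    if (bounded_copy(&buf, "abcdefg") != 0)        /* 7 chars + NUL fits */
        return 0;
    if (bounded_copy(&buf, "abcdefgh") != -1)      /* needs 9 bytes: rejected */
        return 0;
    return strcmp(storage, "abcdefg") == 0;
}

int main(void) {
    char storage[8];
    printf("sizeof on pointer = %zu, real capacity = %zu\n",
           apparent_size_of_pointer(storage), sizeof storage);
    printf("bounded copy behaves as expected: %d\n", check_bounded_copy());
    return 0;
}
```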