Hello! Sadly no answer from Klocwork... Ok, what do you think about Coverity? I mean this one http://scan.coverity.com/ It could be a good addition to this https://www.google-melange.com/gsoc/project/google/gsoc2013/alex_animux/7600...
Radare2 is already scanning by Coverity (a few days). Best regards, Anton Kochkov.
On Fri, Apr 12, 2013 at 1:32 PM, Антон Кочков anton.kochkov@gmail.com wrote:
Good day!
As I did not get a reply to my message from April 3rd I am trying it again.
Is it possible to add the coreboot project https://www.coreboot.org to your free analysis of FOSS projects?
As an alternative to the BIOS and UEFI, coreboot and its payloads need and want to be as secure as possible to also outdo UEFI in the security aspect. So code analysis to find out any issues would help coreboot very much.
Here is the code
git clone http://review.coreboot.org/p/coreboot.gitUnder the directory `payloads/` there are some programs which are started after coreboot has finished. Under the directory `util/` there are several utilities needed for image creation or for board porting.
As a build system, a customized Kconfig is used and there is also the build tool named abuild..
If you have any question, please do not hesitate to ask us. Either on our mailing list http://www.coreboot.org/Mailinglist or myself.
The coreboot project and I hope, you are going to help us and are looking forward to what you are going to find.
Best regards,
Anton Kochkov.
PS: If you know any students interested in low level stuff please tell them, that coreboot is participating in Google Summer of Code 2013 http://www.coreboot.org/GSoC .