Code audit

A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released. C and C++ source code is the most common code to be audited since many higher-level languages, such as Python, have fewer potentially vulnerable functions (e.g., functions that do not check bounds).

Property Value
dbo:abstract A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released. C and C++ source code is the most common code to be audited since many higher-level languages, such as Python, have fewer potentially vulnerable functions (e.g., functions that do not check bounds). (en) En programmation informatique, l'audit de code est une pratique consistant à parcourir le code source d'un logiciel afin de s'assurer du respect de règles précises. L'audit peut avoir un but légal (s'assurer que les licences des différentes parties d'un programme autorisent bien à le distribuer tel quel, ou voir l'audit interne de ReactOS), ou s'assurer de la sécurité du logiciel en testant sa vulnérabilité, ou bien chercher des bugs. L'audit de code est une pratique très fastidieuse et longue. De plus, elle ne permet généralement pas, en raison de la complexité, de dresser une liste exhaustive des problèmes liés au code. L'utilisation de méthodes automatiques permet de dégrossir le travail, mais se reposer uniquement sur ce genre de méthodes peut nous faire passer à côté de problèmes flagrants pour un humain. Cela commence généralement par un travail d'analyse des besoins métiers. La business logic est très difficile à traduire en règles utilisables par les outils d'analyse de code automatique. Un audit ne concerne en général qu'une librairie ou qu'une partie de l'application. (fr) 소프트웨어 코드 감사 (code audit)는 프로그래밍 프로젝트에서 버그, 보안 위반 또는 프로그래밍 규칙을 위배하는 것을 발견하는 것을 목적으로 소스 코드를 종합적으로 분석하는 것이다. 이것은 소프트웨어가 배포되기 전에 오류들을 감소시킬 목적의 방어적 프로그래밍 패러다임의 필수 요소이다. C와 C++ 소스 코드는 감사해야 하는 가장 흔한 코드인 반면, 많은 고수준 프로그래밍 언어들은 잠재적으로 더 적은 취약한 함수들을 갖는다. (ko) 代码审计(Code audit)是一种以发现程序错误,安全漏洞和违反程序规范为目标的源代码分析。它是防御性编程范式的一部分。该范式的目标是在程序发布前减少错误。C和C++源代码是最常见的分析对象,因为其他更高层的语言如Python拥有更少可能存在漏洞的函数(比如不检查边界条件)。 (zh)
dbo:wikiPageID 4692983 (xsd:integer)
dbo:wikiPageLength 5524 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID 1115014306 (xsd:integer)
dbo:wikiPageWikiLink dbr:Programming_languages dbc:Information_technology_audit dbr:Defensive_programming dbr:Information_technology_audit dbr:SQL_injection dbr:Vulnerability_(computing) dbr:Cross-site_scripting dbr:Strcpy dbr:Computer_programming dbr:Source_code dbr:Remote_File_Inclusion dbr:Buffer_overflow dbr:List_of_tools_for_static_code_analysis dbr:Sscanf dbr:Execve dbr:Sprintf
dbp:wikiPageUsesTemplate dbt:Citation_needed dbt:Reflist dbt:Short_description
dcterms:subject dbc:Information_technology_audit
gold:hypernym dbr:Analysis
rdf:type dbo:Work
rdfs:comment A software code audit is a comprehensive analysis of source code in a programming project with the intent of discovering bugs, security breaches or violations of programming conventions. It is an integral part of the defensive programming paradigm, which attempts to reduce errors before the software is released. C and C++ source code is the most common code to be audited since many higher-level languages, such as Python, have fewer potentially vulnerable functions (e.g., functions that do not check bounds). (en) 소프트웨어 코드 감사 (code audit)는 프로그래밍 프로젝트에서 버그, 보안 위반 또는 프로그래밍 규칙을 위배하는 것을 발견하는 것을 목적으로 소스 코드를 종합적으로 분석하는 것이다. 이것은 소프트웨어가 배포되기 전에 오류들을 감소시킬 목적의 방어적 프로그래밍 패러다임의 필수 요소이다. C와 C++ 소스 코드는 감사해야 하는 가장 흔한 코드인 반면, 많은 고수준 프로그래밍 언어들은 잠재적으로 더 적은 취약한 함수들을 갖는다. (ko) 代码审计(Code audit)是一种以发现程序错误,安全漏洞和违反程序规范为目标的源代码分析。它是防御性编程范式的一部分。该范式的目标是在程序发布前减少错误。C和C++源代码是最常见的分析对象,因为其他更高层的语言如Python拥有更少可能存在漏洞的函数(比如不检查边界条件)。 (zh) En programmation informatique, l'audit de code est une pratique consistant à parcourir le code source d'un logiciel afin de s'assurer du respect de règles précises. L'audit peut avoir un but légal (s'assurer que les licences des différentes parties d'un programme autorisent bien à le distribuer tel quel, ou voir l'audit interne de ReactOS), ou s'assurer de la sécurité du logiciel en testant sa vulnérabilité, ou bien chercher des bugs. Un audit ne concerne en général qu'une librairie ou qu'une partie de l'application. (fr)
rdfs:label Code audit (en) Audit de code (fr) 코드 감사 (ko) 代码审计 (zh)
owl:sameAs freebase:Code audit wikidata:Code audit dbpedia-fr:Code audit dbpedia-ko:Code audit dbpedia-zh:Code audit https://global.dbpedia.org/id/2fEqr
prov:wasDerivedFrom wikipedia-en:Code_audit?oldid=1115014306&ns=0
foaf:isPrimaryTopicOf wikipedia-en:Code_audit
is dbo:wikiPageWikiLink of dbr:Bitwarden dbr:Retroshare dbr:Defensive_programming dbr:Coreboot dbr:LibreSSL dbr:Comparison_of_BSD_operating_systems dbr:Static_program_analysis dbr:BIND dbr:Linus's_law dbr:KPI-driven_code_analysis dbr:Software_licensing_audit dbr:Business_models_for_open-source_software dbr:OpenBSD dbr:Security-focused_operating_system
is foaf:primaryTopic of wikipedia-en:Code_audit