Vulnerabilities create enormous reputational and financial risks. That's why many companies take a keen interest in security and want to build a secure software development life cycle (SSDLC). So, today...
The PVS-Studio static analyzer includes a symbolic execution mechanism. And today we have a great opportunity to demonstrate how this feature helps find...
We present a new type of attack in which source code is maliciously encoded so that it appears different to a compiler and to the human eye. This attack exploits subtleties in text-encoding...
Meet the latest PVS-Studio release — 7.18. This article will tell you how we improved the analysis of modern C++, the search for security defects from the OWASP Top 10 list, and a new...
Researchers from the University of Cambridge described a technique that allows inserting invisible adversarial code into reviewed source code. The attack (CVE-2021-42574) is called Trojan...
Unity is one of the most popular game engines. It helps create many excellent cross-platform projects. It's been 4 years since the last time we checked Unity's source code. The time has come again to...
Toyota ITC Benchmark is a synthetic test set for C and C++. It consists of approximately 650 examples, and it's designed for testing code analyzers. This article is an answer to the question...
Barotrauma is an indie game where you can steer a submarine, hide from monsters, and even play the accordion to save your ship from going down. The Barotrauma project is developed by Undertow...
GUI frameworks are becoming increasingly popular: new ones appear, and old ones get a new life. At PVS-Studio, we are watching this trend very closely. Today we'll examine suspicious code...