The following is reproduced verbatim from Mudge and Sarah Zatko's DEF CON 24 presentation.

| Value | Static Analysis Feature |
|---|---|
| -5 | No 64-bit version of application available |
| -20 | Each missing application armoring feature. This includes ASLR, DEP, Heap Protection, and Stack Guards. |
| -5 | Source code is not fortified at all. |
| +5 | Source code is entirely fortified. If source was a mix of fortified and unfortified functions, then source did not change at all. |
| -25 | Ick functions are present in the code. |
| -15 | Bad functions are present in the code. If there are only randomness functions in this category, such as rand or srand, then the penalty is 7.5 instead. |
| -5 | Risky functions are present. If there are only randomness functions for this category, the penalty is 2.5 instead. |
| +10 | Good functions are present. 10 points are added, not subtracted, in this case. If the only good functions are randomness functions, such as arc4random, then 5 points are added instead. |
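The rubric above has a few interacting rules (a per-feature armoring penalty, a three-way fortification outcome, and a halved penalty or bonus when a category contains only randomness functions), so a small calculator makes the arithmetic concrete. The following is an added example written for this page, not CITL's or the presenters' own tooling. It assumes the function categorization (which functions are "ick", "bad", "risky" or "good") is supplied by the caller, since the page does not list those sets; the only randomness functions it knows by name are the three the table mentions, and the two sample profiles are constructed.

```python
"""Score a binary profile against the CITL-style static-analysis rubric.

Added illustration, not CITL's own scoring code. Category membership for
functions is an input; this module does not know CITL's real function lists.
"""
from dataclasses import dataclass, field

# Armoring features named in the rubric; each missing one costs 20 points.
ARMORING_FEATURES = frozenset({"ASLR", "DEP", "heap_protection", "stack_guards"})

# Randomness functions named on the page. Anything else the caller wants treated
# as a randomness function must be passed in explicitly (assumption).
RANDOMNESS_FUNCTIONS = frozenset({"rand", "srand", "arc4random"})


@dataclass
class BinaryProfile:
    has_64bit: bool
    armoring: frozenset            # subset of ARMORING_FEATURES that is present
    fortification: str             # "none", "partial" or "full"
    ick: frozenset = frozenset()   # detected functions, already categorized by caller
    bad: frozenset = frozenset()
    risky: frozenset = frozenset()
    good: frozenset = frozenset()


def category_points(found, full_points, randomness=RANDOMNESS_FUNCTIONS):
    """Full points if any non-randomness function is present, half if the
    category holds only randomness functions, zero if the category is empty.
    Works for penalties (negative) and the 'good' bonus (positive) alike."""
    if not found:
        return 0.0
    if found <= randomness:
        return full_points / 2
    return float(full_points)


def score(profile: BinaryProfile) -> dict:
    """Return the per-rule breakdown plus the summed total."""
    if profile.fortification not in ("none", "partial", "full"):
        raise ValueError("fortification must be none, partial or full")
    breakdown = {
        "no_64bit": 0.0 if profile.has_64bit else -5.0,
        "armoring": -20.0 * len(ARMORING_FEATURES - profile.armoring),
        # Mixed fortification leaves the score unchanged, per the rubric.
        "fortification": {"none": -5.0, "partial": 0.0, "full": 5.0}[profile.fortification],
        # The rubric states no randomness exception for ick functions, so it
        # is all-or-nothing here.
        "ick": -25.0 if profile.ick else 0.0,
        "bad": category_points(profile.bad, -15),
        "risky": category_points(profile.risky, -5),
        "good": category_points(profile.good, +10),
    }
    breakdown["total"] = sum(breakdown.values())
    return breakdown


# Constructed sample profiles (not real measurements of any product).
WEAK = BinaryProfile(
    has_64bit=False,
    armoring=frozenset({"ASLR", "DEP"}),       # heap protection and stack guards missing
    fortification="partial",
    bad=frozenset({"rand"}),                    # randomness-only -> half penalty
    good=frozenset({"arc4random"}),             # randomness-only -> half bonus
)
HARDENED = BinaryProfile(
    has_64bit=True,
    armoring=ARMORING_FEATURES,
    fortification="full",
    good=frozenset({"arc4random"}),
)

if __name__ == "__main__":
    for name, prof in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, score(prof))
```

Running the module prints each rule's contribution, which is the useful part when comparing two builds: the weak profile loses 40 points on armoring alone, more than every function-category rule combined, which mirrors the weighting the table gives to platform mitigations over individual API choices.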