Please see the accompanying tool report files for our results on the SATE 08 C
language track:
lighttpd_run1.xml
nagios_run1.xml
naim_run1.xml

All tests were performed with CodeSonar 3.0p0

The machine is as follows:
OS: Debian 3.1 (2.6.18.1 kernel)
Compiler: gcc 3.3.5

The tests were run in the default configuration, except for the output
location.  The CodeSonar commands used to analyze the projects are as
follows:
lighttpd: codesonar hook-html lighttpd-1.4.18 glenda:8093 make
nagios: codesonar hook-html nagios-2.10 glenda:8093 make all
naim: codesonar hook-html naim-0.11.8.3.1 glenda:8093 make

No annotations were made to the code to produce the results.

Note that for simplicity, we have included CodeSonars XML output in the
output section of the XML weakness reports.  If it would be more helpful for
you to view the HTML output (this is how the tool would normally be used and
is obviously more human readable), or if you have any other questions about
our results, please send me an email at fletcher@grammatech.com or call me at
(607)-273-7340 x24.


In this archive are tool reports produced by CodeSonar for the C language
track.  They add CodeSonar's rank as textoutput in the reports.  Rank is a
combination of severity and probability that it is a true positive, so the
most serious warnings will not necessaraly have the lowest rank.
Additionally, HTML reports for each weakness ID reported in the tool report
are included.  The name of the html file should match the weakness ID in the
tool report XML.

These reports are labeled run3, but are from the same time as the original
submission.  Run 2 was not sent do to errors introduced transforming the
CodeSonar XML reports into the SATE tool report format.

