From 1df7574b3715848ead3ba349069a9f57ba9ac5df Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Thu, 5 Jan 2017 18:38:17 -0500 Subject: Comment on warnings in goals doc [ci skip] --- doc/manual/goals.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'doc/manual') diff --git a/doc/manual/goals.rst b/doc/manual/goals.rst index 710324ece..cf5522904 100644 --- a/doc/manual/goals.rst +++ b/doc/manual/goals.rst @@ -33,8 +33,10 @@ the desired end result. Over time further progress is made in each. * Well tested. The code should be correct against the spec, with as close to 100% test coverage as possible. All available static and dynamic analysis - tools at our disposal should be used, including fuzzers and specialized attack - tools for common protocols. + tools at our disposal should be used, including fuzzers, symbolic execution, + and protocol specific tools. Within reason, all warnings from compilers and + static analyzers should be addressed, even if they seem like false positives, + because that maximizes the signal value of new warnings from the tool. * Safe defaults. Policies should aim to be highly restrictive by default, and if they must be made less restrictive by certain applications, it should be -- cgit v1.2.3
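Review bot: In the added "Well tested" text, "protocol specific tools" should be hyphenated ("protocol-specific"), and it is vaguer than the removed "specialized attack tools for common protocols"; consider keeping the word "attack" so the bullet still says these are adversarial test tools. The new sentence on warnings also leaves "Within reason" and "addressed" undefined: state whether a suspected false positive must be resolved by a code change or may be silenced with a narrowly scoped, commented suppression, since a broad suppression would undercut the stated aim of maximizing "the signal value of new warnings from the tool".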