What is the status of the Intel Static Security Analysis (SSA) product? Does it require a separate purchase? Will it work with the command line on Linux with Intel Fortran 16?
In response to similar question that I might have asked on comp.lang.fortran, you pointed out that Fortran (maybe it was just FORTRAN 77) is not vulnerable to buffer overflows because it does not use variable-length strings. I accept that. But I might be asked to run my application though a static scanner anyway, because the people who authorize systems to operate in classified environments are not always programmers. Can you recommend a product that identifies security vulnerabilities in Fortran source code?
I will ask the business people to update that guide, which seems to be from 2012.
I'm not personally familiar with such scanners, but maybe other users are. SSA never was very useful for Fortran as it tended to report many "false positive" issues.
