Tyler Close writes:

> If I understand this methodology correctly, then wouldn't it still
> flag this code as suspicious even after your proposed fix is applied?

Yup. It may be useful as a heuristic for identifying places in the code that would benefit from careful thought, but it's not going to give us a proof or disproof of security/correctness.