Re: Software unique identification


Armijn Hemel - Tjaldur Software Governance Solutions <armijn@...>
 

hi,

I am currently a senior systems engineer at Nokia, and I can say
without reservation that we face this problem also, identifying
specific versions of software (binaries as well as sources). Binaries
can change, even if the source does not, if for example the compiler
is updated, or associated libraries. This is especially problematic
when the libraries are (as is often the case) dynamically-linked
shared libraries.
This is not my experience at all. In the Binary Analysis Tool I use fingerprinting using string constants, function names, variable names, and so on, and I can reliably tell versions of binaries apart (granted: the information has to be in my database). This is absolutely no problem at all.

armijn

--
Armijn Hemel, MSc
Tjaldur Software Governance Solutions

Join spdx@lists.spdx.org to automatically receive all group messages.