From: Yosi (nataskhotmail.com)
Date: Tue Sep 25 2001 - 04:41:02 CDT

    Hi,

    Recently, I've started looking for auditing tools that will be mainly
    used for C++. Lclint was ruled out immediately because it only processes
    C code, and not C++. Then I had a look at ITS4 and FlawFinder. Of these
    two, ITS4 looks the more up to date, with a larger database of
    vulnerabilities, and it can handle both C and C++ code. I wanted to
    try out RATS as well, but it seems that the website is down or the link
    is broken.

    After trying these tools I have several questions -

    1. Are there any other tools that might do a better job than ITS4 at
       detecting flaws in C *and* C++ code?

    2. What tools (if any) can anyone recommend for Java source code audit?

    3. Are there any tools that try to feed badly formatted/too long input
       to programs in order to test how they handle it?

    On a side note, if anyone from the RATS development team is reading this
    please fix your website, or post a link to mirrors of RATS.

    Sincerely,

    --
    Yosi
    In God We Trust -- All others must submit an X.509 certificate
    

    >From: aleph1securityfocus.com
    >To: secprogsecurityfocus.com, sectoolssecurityfocus.com
    >Subject: Release: RATS 1.2 and EGADS 0.7
    >Date: Mon, 24 Sep 2001 11:19:53 -0600
    >----- Forwarded message from ratssecuresw.com -----
    >
    >From: ratssecuresw.com
    >To: bugtraqsecurityfocus.com
    >Subject: Release: RATS 1.2 and EGADS 0.7
    >Date: Sun, 23 Sep 2001 23:06:57 -0400
    >Message-ID: <20010923230657.A32571rsdio.com>
    >User-Agent: Mutt/1.2.5i
    <snip>
