![[LWN Logo]](/images/lcorner.png)
![[LWN.net]](/images/Included.png)
|
|
|
|
From: RATS Development Team <rats@securesw.com> To: bugtraq@securityfocus.com, secprog@securityfocus.com, ntbugtraq@listserv.ntbugtraq.com Subject: ANNOUNCEMENT: RATS-0.9 (C/C++ Security Scanner) Date: Mon, 21 May 2001 02:26:19 -0400 Secure Software Solutions (www.securesw.com) announces RATS, a security auditing tool for C and C++ code. RATS scans through code, finding potentially dangerous function calls. The goal of this tool is not to definitively find bugs. Instead, this tool aims to provide a reasonable starting point for performing manual security audits. RATS is released under version 2 of the GNU Public License (GPL). Version 0.9 is available from: http://www.securesw.com/rats/ Currently, we've made available a source tarball, RPMs, and an OS X package. The initial vulnerability database is taken directly from things that could be easily found when starting with the forthcoming book, "Building Secure Software" by Viega and McGraw. We plan on actively maintaining RATS. We welcome any feedback, bug reports or contributions. Particularly, we would like to incorporate any vulnerability information people contribute. However, we will need to determine that information is public knowledge before we can incorporate it into the release. Feedback will be useful as we work on new versions of the tool. In the future, we plan on enhancing the tool with better analysis Additionally, we plan on extending the tool to handle other programming languages. We'd appreciate feedback on which languages are most important to people. The developers can be reached at: rats@securesw.com. P.S. We've recently learned that David Wheeler has built a similar tool in Python called "flawfinder", which he is also releasing today. It is also a GPL'd C/C++ security scanner. We've talked to David about it-- the tentative plan is to examine the advantages of each tool and then merge them.