|
Bugtraq
mailing list archives
ITS4 version 1.1 released
From: John Viega <viega () LIST ORG>
Date: Sun, 1 Oct 2000 15:55:50 -0700
Version 1.1 of ITS4, the C/C++ source code security scanner, has been
released. It is available from http://www.cigital.com/its4
Major changes include:
- Added handlers for format string attacks, along w/ some supporting code.
- Support was added to integrate ITS4 with the Visual Studio GUI.
Directions are in the INSTALL file. Thanks to Bob Fleck
(rfleck () cigital com) for this contribution.
- By default, identifiers with the same names as "bad" functions
are not flagged, even though there is a slight chance that macro
magic could be hiding a real problem. If you want the old behavior,
use the flag "--paranoid".
- Fixed a bug that redefined __cplusplus for most Solaris users without
a getopt_long (Reported by lots and lots of people... thanks, all!).
- Fixed several small bugs that probably have no impact on most users.
The most important is that numbers are parsed as if ITS4 is a
preprocessor, not a C parser. This helps ITS4 address many
language extensions without choking (but not all).
- Reliable Software Technologies changed its name to Cigital, Inc.
The documentation and license have been modified to reflect this change.
I also switched the signing key to my GPG key, which can be looked up
on most major keyservers. The digital signature for the release is
available at:
http://www.cigital.com/its4/jviega/its4-1.1.tgz.asc
John Attachment:
_bin
Description:
 By Date 
By Thread
Current thread:
- ITS4 version 1.1 released John Viega (Oct 01)
|
Intro
