ITS4 version 1.1 released

[John Viega <viega () LIST ORG>]

Version 1.1 of ITS4, the C/C++ source code security scanner, has been
released.  It is available from http://www.cigital.com/its4

Major changes include:

- Added handlers for format string attacks, along w/ some supporting code.
- Support was added to integrate ITS4 with the Visual Studio GUI.  
  Directions are in the INSTALL file.  Thanks to Bob Fleck
  (rfleck () cigital com) for this contribution.
- By default, identifiers with the same names as "bad" functions
  are not flagged, even though there is a slight chance that macro
  magic could be hiding a real problem.  If you want the old behavior,
  use the flag "--paranoid".
- Fixed a bug that redefined __cplusplus for most Solaris users without
  a getopt_long (Reported by lots and lots of people... thanks, all!).
- Fixed several small bugs that probably have no impact on most users.
  The most important is that numbers are parsed as if ITS4 is a 
  preprocessor, not a C parser.  This helps ITS4 address many
  language extensions without choking (but not all).  
- Reliable Software Technologies changed its name to Cigital, Inc.
  The documentation and license have been modified to reflect this change.

I also switched the signing key to my GPG key, which can be looked up
on most major keyservers.  The digital signature for the release is
available at:

http://www.cigital.com/its4/jviega/its4-1.1.tgz.asc

John

Attachment: _bin
Description: