In this online Linux Journal Article Jose Nazario discusses the benefits of using source code scanners. They aren't a replacement for manual checks and edits, but tools like Flawfinder, RATS and ITS4 can point you in the right direction. Nazario writes . . .

” . . . Despite some of the mentioned warnings, source code scanners can help improve the state of your code in development or afterwards. It is important to keep these limitations in mind and not presume that everything has been found. The use of two or even all three of these tools is recommended for development teams and basic security audits. Keep in mind that these are tools help assist you in the auditing process, not automate it . . .”

Read full story

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.