sscc.tar.gz scans C source code for common insecure functions which can be exploited for buffer overflows. It finds and identifes the file name and line of the possible insecure function, taking a lot of the monotony out of auditing source code.
97dea035cefbc0cc409d93070bf3d90614f5b27ed109431070c21edec8739422