Flawfinder searches through source code looking for potential security
flaws. Flawfinder uses an internal database called the ``ruleset''; the
ruleset identifies functions that are common causes of security flaws.
Every potential security flaw found in a given source code file (matching
an entry in the ruleset) is called a ``hit,'' and the set of hits found
during any particular run is called the ``hitlist.''

WWW: http://www.dwheeler.com/flawfinder/