...
Compass/ROSE could detect some violations of this rule simply by collecting all environment variables referenced by a program and reporting if two variables differ only by capitalization (e.g., "TEST" vs. "Test"). To collect environment variables, one must scan the program looking for calls to getenv(), setenv(), etc.
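The check described above can be approximated with a text scan. This is an added example, not Compass/ROSE code or part of the original page. It only sees variable names passed as string literals to getenv(), setenv() or unsetenv() (unsetenv() is assumed to fall under "etc."), it also matches calls inside comments, and the function names and sample C source are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches getenv("NAME"), setenv("NAME", ...) and unsetenv("NAME") where the
# first argument is a string literal; names built at run time are not seen.
ENV_CALL = re.compile(r'\b(getenv|setenv|unsetenv)\s*\(\s*"([^"\\]+)"')


def collect_env_names(source):
    """Return {variable name: [(line number, function), ...]} for one file."""
    found = defaultdict(list)
    for m in ENV_CALL.finditer(source):
        # \s in the pattern spans newlines, so report the line the call starts on.
        lineno = source.count("\n", 0, m.start()) + 1
        found[m.group(2)].append((lineno, m.group(1)))
    return dict(found)


def case_collisions(names):
    """Group names that are equal after case folding but spelled differently."""
    groups = defaultdict(set)
    for name in names:
        groups[name.casefold()].add(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample input, not taken from any real program.
SAMPLE_C = '''
#include <stdlib.h>
int main(void) {
    const char *a = getenv("TEST");
    setenv("Test", "1", 1);
    const char *p = getenv ( "PATH" );
    /* the same spelling used twice is not a collision */
    const char *q = getenv("PATH");
    unsetenv("tmpdir");
    const char *t = getenv("TMPDIR");
    return 0;
}
'''

if __name__ == "__main__":
    refs = collect_env_names(SAMPLE_C)
    for group in case_collisions(refs):
        print("differ only by capitalization:", {n: refs[n] for n in group})
```

To check a whole program, merge the dictionaries returned for each source file before calling case_collisions(), since the two spellings may be referenced in different translation units.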
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...