ESC Boston, Ma. – GrammaTech, Inc. has announced here that the next version of its CodeSonar code analysis tool will support the secure coding rules developed by US-CERT. The coding standard provides secure coding rules and recommendations, which reduce insecure coding practices that can create vulnerabilities.
According to Paul Anderson, GrammaTech's vice president of Engineering, CodeSonar's automated analysis will review code and quickly identify problematic sections of code that violate US-CERT secure coding guidelines. CodeSonar's automated enforcement will reduce the need for manual review, making it easier for organizations to adopt the coding standard.
US-CERT, a premier center for computer security expertise, is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). US-CERT's mission includes analyzing and reducing threats to cybersecurity within the U.S. It also collaborates with international partners to strengthen Internet security worldwide. The coding rules are part of a broad US-CERT software-assurance initiative called Build Security In. In developing the Build Security In coding rules, US-CERT drew ideas from leading security experts.
By following US-CERT's recommendations and adopting the Build Security In coding rules, said Anderson, it is possible to jump-start efforts to improve product security.
“Good design is obviously critical and Build Security In provides a wealth of resources for improving design. But design alone is not the whole story—correct implementation really matters,” he said. “A large number of vulnerabilities are created by coding flaws. The Build Security In coding rules are aimed at reducing such vulnerabilities. By adhering to the standard, companies can leverage the collective experience of security experts and avoid writing high-risk code.
Anderson said checkers that examine code for adherence to Build Security In rules will be incorporated into the standard version of CodeSonar. Other features will include support for Windows Vista (incl. x64), Windows 7 (incl. x64), Windows Server 2008 (incl. x64), Windows XP x64, and Windows Server 2003 x64, adding to the set of platforms already supported by CodeSonar: Windows 2000, Windows Server 2003, Windows XP, Linux (x86 and x86-64), Solaris (SPARC, x86, and x86-64), and Mac OS X (x86 and x86-64). Additional features will include improvements to analysis precision, analysis time and the user interface.
The next version of CodeSonar will have the same pricing as CodeSonar 3.4, which is available today starting at $9,600 USD for small projects. Licenses for larger projects are priced based on the size of the project.
To learn more, go to www.grammatech.com.