Boston, Mass. ” At the Embedded Systems Conference here, LDRA released its new TBsecure plug-in complete with the Carnegie Mellon Software Engineering Institute (SEI) CERT C secure coding standard.
TBsecure identifies security vulnerabilities and enables implementation of the just released CERT C Secure Coding Standard version 1.0. The CERT C v1.0 standard debuts today at Software Development Best Practices in Boston alongside LDRA's launch of the TBsecure plug-in and its CERT C program checker at Embedded Systems Conference.
According to Ian Hennell, LDRA Operations Director, TBsecure plugs into TBvision, a module within the LDRA tool suite that enables developers to easily see how the source code performs against security vulnerabilities, fault-detection and adherence to the required quality standards.
As its primary role, TBsecure applies the CERT C secure coding rules and relays findings to TBvision, which graphically shows code quality, fault detection and avoidance measures through call graphs, flow graphs and code review reports.
Using the TBsecure plug-in, managers, team workers and individual developers are able to collectively monitor the implementation of security metrics in their applications in an easy-to-read, intuitive format.
“Without proper security technology, individuals and corporations are increasingly vulnerable to malicious code attacks, fraudulent transactions, and theft-of-service opportunities,” said Hennell.
The CERT C Secure Coding Standard provides rules and recommendations for secure coding in the C programming language. The goal of these rules and recommendations is to eliminate insecure coding practices and undefined behaviors that lead to exploitable vulnerabilities.
According to Hennell, rules and recommendations included in this CERT C Programming Language Secure Coding Standard are designed to be operating system and platform independent. Once established, these standards can be used as a metric to evaluate source code using an automated process.
Through TBsecure, he said, the LDRA tool suite has been extended to support a wide range of programming rules that enable increased application security using the following classification of security issues: Dynamic Memory and Vulnerabilities.
TBsecure and the CERT C secure coding checker are available now for $2,000. For more information on how LDRA can assist with your CERT C Secure Coding compliance. To learn more, go to www.ldra.com.