TBsecure® - complete with CERT C secure coding programming checker
TBsecure enables developers to easily see how their source code measures up on security vulnerabilities, fault detection and adherence to the required quality standards.
As its primary role, TBsecure applies the CERT C secure coding rules and relays findings to TBvision, which graphically shows code quality, fault detection and avoidance measures through call graphs, flow graphs and code review reports.
Using the TBsecure plug-in, managers, team workers and individual developers are able to collectively monitor the implementation of security metrics in their applications in an easy-to-read, intuitive format.
TBsecure Programming Rules
Through TBsecure, the LDRA tool suite has been extended to support a wide range of programming rules that enable increased application security using the following classification of security issues:
- Dynamic Memory Allocation (A) concerns: Dynamic memory management is a common source of programming flaws that can lead to security issues such as heap buffer overflows, dangling pointers and double frees. Memory management encompasses allocating memory, reading and writing to memory, and deallocating memory.
- Vulnerabilities (V): These rules are intended to eliminate insecure coding practices aside from those associated with dynamic memory. Examples of insecure coding practices include array indices out of range and dereferencing a null pointer.
LDRA's Programming Standards Track Record
Through advanced code analysis capabilities, the LDRA tool suite provides compliance checking for the MISRA-C:1998, MISRA-C:2004 and MISRA C++:2008 guidelines. In addition, LDRA has worked with Lockheed Martin in developing the JSF++ AV standard, and is able to enforce Meyers' Effective C++ and Effective STL coding guidelines, amongst others.
TBsecure delivers tangible benefits that assist in assessing the quality of the code produced and deliver immediate return on investment.
The LDRA tool suite can be configured for compiler-dependent features for host or target testing.