TBsecure® - complete with CERT C secure coding programming checker




TBsecure CERT Standards
TBsecure CERT Standards

TBsecure enables developers to easily see how the source code performs against security vulnerabilities, fault-detection and adherence to the required quality standards.

As its primary role, TBsecure applies the CERT C secure coding rules and relays findings to TBvision, which graphically shows code quality, fault detection and avoidance measures through call graphs, flow graphs and code review reports.

Using the TBsecure plug-in, managers, team workers and individual developers are able to collectively monitor the implementation of security metrics in their applications in an easy-to-read, intuitive format.


TBsecure Programming Rules


Through TBsecure, the LDRA tool suite has been extended to support a wide range of programming rules that enable increased application security using the following classification of security issues:


TBsecure Fault Menu
TBsecure Fault Menu

- Dynamic Memory Allocation (A) concerns: Dynamic memory management is a common source of programming flaws that can lead to security issues such as heap-buffer overflows, dangling pointers, and double-free issues. In particular, memory management encompasses allocating memory, reading and writing to memory, and deallocating memory.


- Vulnerabilities (V): These rules are intended to eliminate insecure coding practices aside from those associated with dynamic memory. Examples of insecure coding practices include array indices out of range and dereferencing a null pointer.


LDRA's provision of TBsecure and the CERT C secure coding programming checker extends its leadership in programming standards enforcement.


LDRA's Programming Standards Track Record


TBsecure Quality Configuration
TBsecure Quality Configuration

Through advanced code analysis capabilities, the LDRA tool suite provides compliance checking for the MISRA-C:1998MISRA-C:2004, & MISRA C+:2008 guidelines. In addition, LDRA has worked with Lockheed Martin in developing the JSF++ AV standard, and is able to enforce Meyers Effective C++ and Effective STL coding guidelines amongst others.


TBsecure Summary


TBsecure delivers tangible benefits that assist in assessing the quality of the code produced and deliver immediate return on investment.

The LDRA tool suite can be configured for compiler dependent features for host or target testing.