Tool enables IoT developers to easily find vulnerabilities
LDRA announced that its TBsecure module within the LDRA tool suite provides the industry’s most comprehensive automated support for the Carnegie Mellon Software Engineering Institute (SEI) CERT C Secure Coding Standard. With checks for more than 200 CERT C rules, TBsecure helps developers identify more software safety and security vulnerabilities than any other static analysis tool available today. TBsecure specifically addresses the security concerns in the increasingly complex and growing IoT market.
With a more than 40-year track record for delivering automated code testing and software safety analysis products, LDRA’s modular tool suite is used by IoT and other product developers who require early insight into potentially exploitable safety and security vulnerabilities in source code. The TBsecure module uses the most current CERT C secure coding rules to find software issues that could leave products and systems open to security attacks.
“As the number of IoT and other software-connected products in the world increases exponentially, so does the number of software security attacks. Just recently, for instance, a hack of Fiat Chrysler automobiles resulted in a recall of 1.4m vehicles,” said Ian Hennell, Operations Director, LDRA. “To prevent financial losses and potential loss of life, software developers must take an automated approach to code quality improvement, fault detection, and other safety and security intelligence long before the product is manufactured and delivered to the marketplace.”
Particularly well-suited for automotive, medical, and industrial IoT applications, the LDRA tool suite's comprehensive checking delivers a commanding additional buffer over other code checkers on the market. With TBsecure, developers using the LDRA tool suite gain an unprecedented level of early insight into the types of coding anomalies that can expose complex products to security risks.
“The number and severity of attacks on mission-, business-, safety- and security-critical systems have risen disproportionately with our increased dependency on these systems,” said Robert Seacord, a Principal Security Consultant at NCC Group and author of The CERT C Coding Standard (Addison-Wesley 2014). “Studies indicate that a majority of vulnerabilities in these systems can be traced back to a relatively small set of common programming errors. The CERT C Coding Standard enumerates these programming errors so that software testing and analysis tools, such as the LDRA tool suite, can be used to discover these problems before they are deployed in production systems.”
The LDRA TBsecure module, which plugs into the LDRA tool suite, shows code quality, fault detection and avoidance measures through call graphs, flow graphs and code review reports. Using TBsecure, managers, team workers, and developers can collectively monitor the implementation of safety and security metrics in their applications in an easy-to-read, intuitive format.