Welcome!

Eclipse Authors: Pat Romanski, Elizabeth White, Liz McMillan, David H Deans, JP Morgenthal

News Feed Item

LDRA Ships New TBsecure(TM) Complete with CERT C Secure Coding Programming Checker

LDRA (Booth 1017), provider of the most complete automated software verification, source code analysis and test tools covering the full development lifecycle, has released its new TBsecure plug-in complete with the Carnegie Mellon Software Engineering Institute (SEI) CERT C secure coding standard. TBsecure identifies security vulnerabilities and enables implementation of the just released CERT C Secure Coding Standard version 1.0. The CERT C v1.0 standard debuts today at Software Development Best Practices in Boston alongside LDRAs launch of the TBsecure plug-in and its CERT C program checker at Embedded Systems Conference.

LDRAs TBsecure plugs into TBvision, a module within the LDRA tool suite that enables developers to easily see how the source code performs against security vulnerabilities, fault-detection and adherence to the required quality standards. As its primary role, TBsecure applies the CERT C secure coding rules and relays findings to TBvision, which graphically shows code quality, fault detection and avoidance measures through call graphs, flow graphs and code review reports. Using the TBsecure plug-in, managers, team workers and individual developers are able to collectively monitor the implementation of security metrics in their applications in an easy-to-read, intuitive format.

With the increased connectivity of software systems, there has been an increase in the number of software security attacks, noted Robert Secord, Senior Vulnerability Analyst with the SEI CERT program. Our society has become highly dependent on software applications in mission-, business-, and safety-critical systems. Studies indicate that a majority of vulnerabilities in these systems can be traced back to a set of common programming errors. The CERT C standard aims to reduce these risks through software testing and analysis tools that identify these problems before they enter production code.

Without proper security technology, individuals and corporations are increasingly vulnerable to malicious code attacks, fraudulent transactions, and theft-of-service opportunities, observed Ian Hennell, LDRA Operations Director. At LDRA, we focus on assisting in the development of zero-defect software. We are thrilled to be the first company to deliver a CERT C compliant programming checker as we believe this new standard will play a significant role in the development of higher quality systems that are more robust and more resistant to attack.

The CERT C Secure Coding Standard provides rules and recommendations for secure coding in the C programming language. The goal of these rules and recommendations is to eliminate insecure coding practices and undefined behaviors that lead to exploitable vulnerabilities. The application of the secure coding standard leads to higher quality systems that are robust and more resistant to attack. Rules and recommendations included in this CERT C Programming Language Secure Coding Standard are designed to be operating system and platform independent. Once established, these standards can be used as a metric to evaluate source code using an automated process.

Through TBsecure, the LDRA tool suite has been extended to support a wide range of programming rules that enable increased application security using the following classification of security issues:

  • Dynamic Memory Allocation (A) concerns: Dynamic memory management is a common source of programming flaws that can lead to security issues such as heap-buffer overflows, dangling pointers, and double-free issues. In particular, memory management encompasses allocating memory, reading and writing to memory, and deallocating memory.
  • Vulnerabilities (V): These rules are intended to eliminate insecure coding practices aside from those associated with dynamic memory. Examples of insecure coding practices include array indices out of range and dereferencing a null pointer.

LDRAs provision of TBsecure and the CERT C secure coding programming checker extends its leadership in programming standards enforcement, also evident in its participation in the development of MISRA C:2004, MISRA C+:2008, and others.

Shipping and Availability

TBsecure and the CERT C secure coding checker are available now for $2,000. For more information on how LDRA can assist with your CERT C Secure Coding compliance, please visit http://www.ldra.com/certc.asp. For general information on CERT C, please visit: http://www.securecoding.cert.org.

About the LDRA tool suite

The LDRA tool suite has been derived from many ground-breaking testing techniques developed by LDRA. The LDRA tool suite assists with the eight primary tasks: traceability verification, design, code and quality review, unit testing, target testing, test verification and test management. Focus on all of these key areas is required to achieve an organization's software development and maintenance goals. The LDRA tool suite can be used by an entire project team, including developers, QA managers, test engineers, project managers and maintenance/support engineers, to automate the software development lifecycle. Through the deployment of the LDRA tool suite, companies are able to deliver well constructed, documented and tested software and benefit from significant time, cost and operational savings. For more information on the LDRA tool suite, please visit: www.ldra.com.

About LDRA

For more than thirty years LDRA has developed and driven the market for software used for the automation of code analysis and software testing of safety-critical applications. The LDRA tool suite is used in the aerospace, space and defence technology industries as well as the nuclear energy and automotive industries. Through the use of the LDRA tool suite companies ensure that their systems are built in accordance to prescribed standards and are durable and reliable in use. The LDRA tool suite is available for a multiplicity of programming languages and supports a wide range of host and target platforms. LDRA is represented world-wide with its head office in the UK and subsidiaries in the USA as well as through an extensive distributor network. For more information on the LDRA tool suite, please visit: www.ldra.com.

Please send reader enquiries to:

Mark James
LDRA, Portside, Monks Ferry, Wirral, CH41 5LH, UK
Email: [email protected]

This press release and high-resolution images can be downloaded from www.hughescom.net/LDRA.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
22nd International Cloud Expo, taking place June 5-7, 2018, at the Javits Center in New York City, NY, and co-located with the 1st DXWorld Expo will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud ...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, added the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor analytic...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
It is of utmost importance for the future success of WebRTC to ensure that interoperability is operational between web browsers and any WebRTC-compliant client. To be guaranteed as operational and effective, interoperability must be tested extensively by establishing WebRTC data and media connections between different web browsers running on different devices and operating systems. In his session at WebRTC Summit at @ThingsExpo, Dr. Alex Gouaillard, CEO and Founder of CoSMo Software, presented ...
@DevOpsSummit at Cloud Expo, taking place November 12-13 in New York City, NY, is co-located with 22nd international CloudEXPO | first international DXWorldEXPO and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
I think DevOps is now a rambunctious teenager - it's starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of bus...
Everything run by electricity will eventually be connected to the Internet. Get ahead of the Internet of Things revolution. In his session at @ThingsExpo, Akvelon expert and IoT industry leader Sergey Grebnov provided an educational dive into the world of managing your home, workplace and all the devices they contain with the power of machine-based AI and intelligent Bot services for a completely streamlined experience.
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
"Evatronix provides design services to companies that need to integrate the IoT technology in their products but they don't necessarily have the expertise, knowledge and design team to do so," explained Adam Morawiec, VP of Business Development at Evatronix, in this SYS-CON.tv interview at @ThingsExpo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
To get the most out of their data, successful companies are not focusing on queries and data lakes, they are actively integrating analytics into their operations with a data-first application development approach. Real-time adjustments to improve revenues, reduce costs, or mitigate risk rely on applications that minimize latency on a variety of data sources. In his session at @BigDataExpo, Jack Norris, Senior Vice President, Data and Applications at MapR Technologies, reviewed best practices to ...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
WebRTC is great technology to build your own communication tools. It will be even more exciting experience it with advanced devices, such as a 360 Camera, 360 microphone, and a depth sensor camera. In his session at @ThingsExpo, Masashi Ganeko, a manager at INFOCOM Corporation, introduced two experimental projects from his team and what they learned from them. "Shotoku Tamago" uses the robot audition software HARK to track speakers in 360 video of a remote party. "Virtual Teleport" uses a multip...
As ridesharing competitors and enhanced services increase, notable changes are occurring in the transportation model. Despite the cost-effective means and flexibility of ridesharing, both drivers and users will need to be aware of the connected environment and how it will impact the ridesharing experience. In his session at @ThingsExpo, Timothy Evavold, Executive Director Automotive at Covisint, discussed key challenges and solutions to powering a ride sharing and/or multimodal model in the age ...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...