The Polyspace® product family offers a static code analysis solution that addresses cyber security challenges. These challenges are often faced by the software developers and security engineers working on embedded applications. Polyspace products enable engineers to:
- Comply with security standards such as CWE, CERT C, and ISO/IEC 17961
- Detect various categories of critical software defects and security vulnerabilities
- Prove the absence of certain critical vulnerabilities
Complying with Security Standards
Software coding standards such as MISRA have played an important role in preventing unreliable programming constructs in software development processes. CERT C, ISO/IEC 17961, and CWE are coding rule guidelines developed specifically to address the growing number of cyber security concerns within embedded systems. Common weakness enumeration (CWE) is an evolving security standard that provides common characterizations of exploitable software constructs that can make your software vulnerable to exploitation. CERT C is a set of secure coding guidelines for software development in C. It was developed by the CERT community, and it has a significant overlap with CWE. ISO/IEC 17961 is the formal ISO standard for secure coding in C.
Checking your code against any of these guidelines can help reduce your software’s attack surface and prevent security vulnerabilities. These checks are fast becoming an accepted — even required — criteria for software suppliers when ensuring that their software complies with one or more cyber security standards. Polyspace Bug Finder™ helps you check your code against all of the above coding guidelines and generate reports to document compliance.
Learn more about compliance to CERT C with Polyspace static analysis.
Detecting Security Vulnerabilities
The coding phase of the development process introduces a significant proportion of the defects and security vulnerabilities found in software. Polyspace Bug Finder helps find such vulnerabilities and defects early. You can detect issues related to static and dynamic memory such as buffer overflows and the use of deallocated pointers, or you can detect concurrency violations like race conditions. In addition, Polyspace Bug Finder can check for specific security checks such as tainted data, resource and memory leaks, and vulnerable coding. You can address these issues as part of your coding process within your IDE.
For more information, see the list of software vulnerability and defect results.
Proving the Absence of Critical Vulnerabilities
Some of the most exploited vulnerabilities include buffer overflows or illegal pointer dereferencing. A buffer overflow can be exploited to carry out a wide variety of attacks such as stack smashing or code injection. Therefore, it is important to detect all instances of these defects, not just a few. Hackers can make many attempts to find software vulnerabilities – and all they need is to find one loophole in order to wreak havoc on your application.
Polyspace Code Prover™ can identify every such instance and prove that none remain in your software. This is possible due to the detailed run time control and data flow behavior, which can help you make your software modules robust independent of one another.