[by Dr. Sebastian Krings, Professional Services, R&D, Axivion GmbH] Aside from safety properties, can static analysis tools be used to detect security issues? Yes, as we will show by discussing…
ISO / IEC TS 17961
The C Secure Coding checker covers many of the decidable rules for C Secure Coding. C Secure Coding (ISO/IEC TS 17961) focuses like CERT on security.
Nevertheless, there is a significant overlap with MISRA and AUTOSAR C++14. Unlike CERT, ISO/IEC TS 17961 is an international standard. A long duration of the validity of the ruleset should be the result of this standardization.
Axivion implemented the rules according to the current 2016 standard. Using the Axivion Suite allows you to observe compliance with the ISO/IEC TS 17961 rule set. Axivion’s unique delta mechanism helps you to focus on your day-to-day work, namely generating reliable code. Deviations from the rules that have occurred through sprints, releases, feature branches, etc., can be easily identified by the delta analysis in reviews.
The results of Axivion’s C Secure Coding check are integrated in IDEs and CI environments to allow easy integration into your processes, from local checks through to fully developed automated checks in the CI, with the same configuration and the same results.
You can prioritise your work with severity grading for rules. By means of justifications, deviations from the rules in the work process can be handled in a structured and systematic manner in order to develop standard-compliant products. Generate reports about the C Secure Coding conformity of your code.
The image shows the list of changes for style violations in the selected time frame. Visible are some C Secure Coding violations since the start of the project.