Abstract — Ensuring reliability and quality of software has become a necessity. This is especially true for safety critical systems. To do so, different techniques have been established in industry and academia.…
Common Weakness Enumeration
The Common Weakness Enumeration (CWE) is a collection and categorisation of vulnerabilities in software and hardware. By focusing on security vulnerabilities, CWE differs fundamentally from rule sets such as MISRA or AUTOSAR, which focus more on safety aspects. Another difference between CWE and standards such as C Secure Coding (ISO/IEC TS 17961) is that CWE does not specify concrete rules to be followed when implementing a checker. Instead, CWE provides a list of vulnerabilities to avoid in your software projects.
Security Vulnerability Analysis with CWE and Axivion Suite
Axivion Suite provides you with the Common Weakness Enumeration Checker, a static code analysis tool that checks your code for many of the security issues listed in the CWE. In addition, Axivion Suite can support you in analysing your software architecture and thus help identify security vulnerabilities caused by the architecture itself. Automated checks of coding guidelines such as naming conventions, together with metrics monitoring, also help you keep your software maintainable.
Structured analysis process for existing projects
Axivion’s delta mechanism helps you focus on your daily work of producing secure code. In reviews, delta analysis makes it easy to identify rule violations newly introduced by a sprint, release, feature branch, etc., rather than re-examining the whole code base each time.
Workplace and DevOps/CI integration
Axivion’s CWE Checker results integrate with IDEs and CI environments. This allows easy integration into your processes, from local checks on a developer’s workplace to fully automated checks in CI, using the same configuration and producing the same results.
Focus through severity grading and reporting
Severity classification of rules and rule groups allows you to prioritise your work. By means of justifications, deviations from the rules can be dealt with in a structured and systematic way within the work process, so that you can develop in conformity with standards. You can also generate reports on the results of checking your code against the weaknesses listed in the CWE.