The secure coding movement got a little boost today as CERT and Fortify Software announced that they have teamed up to automate part of the process of building security into software -- specifically, automating compliance with CERT's C and C++ Secure Coding Standard.

CERT is translating its guidelines into a coding format that will run on Fortify's Source Code Analysis tool. The resulting software module will be available for free from CERT, so other tool vendors can convert it to their products, and organizations that do in-house testing can use it with their tools as well.

To date, programmers who wanted to use the voluntary CERT guidelines for writing cleaner and more secure software in C and C++ had to manually sift through CERT's massive checklist of guidelines. "Manual enforcement is extremely error-prone and tedious," says Brian Chess, chief scientist at Fortify. "Quickly you get to the point where you are not able to do any manual review of your millions of lines of code, so you have to automate" that process.

darkreading.com, October 03, 2007 10:21 GMT+01
http://www.darkreading.com/document.asp?doc_id=135352&WT.svl=news1_2