Common Weakness Enumeration (CWE) Compliance

Parasoft Support for CWE

Parasoft supports MITRE's Common Weakness Enumeration (CWE) for C, C++, Java, and .NET with dedicated code analysis configurations whose static analysis rules map to the weakness entries catalogued in CWE. The linked PDFs show, rule by rule, how Parasoft's static analysis checks map to CWE entries:

Secure Application Development Beyond Static Analysis

Secure application development involves more than static analysis. It requires a mixture of test and analysis methods applied throughout the SDLC, together with software lifecycle management and vulnerability/risk management activities integrated across the process, so that the software delivered is both secure and reliable.

Parasoft addresses both of these expectations with its Application Security solution, which was recently awarded the Jolt award in the "Security" category. This integrated system extends Parasoft's static analysis capabilities by providing a pre-configured system with processes and best practices that help organizations produce secure applications consistently and efficiently.

The complete solution integrates project and task management with a broad spectrum of secure application development practices, including penetration testing, validation of authentication, encryption, and access control, code review, runtime analysis, and more. It drives security tasks to a predictable outcome according to defined industry standards or management's expectations, giving organizations the process visibility and control needed to satisfy security requirements.

Establish, Apply, and Monitor Adherence to Policies

Parasoft's policy-driven approach defines the organization's expectations around quality and security while ensuring the policy is applied consistently and unobtrusively. The automated infrastructure monitors policy compliance continuously, providing visibility and an audit trail.

This approach helps you:

  • Drive expected behavior throughout the SDLC to promote predictable outcomes
  • Deliver an actionable set of tasks that are measurable through completion
  • Gain control to continuously improve the process of delivering business applications