The CERT secure coding standard was developed by the Software Engineering Institute (SEI), for a variety of languages, with the purpose of hardening your code by avoiding coding constructs that are more susceptible to security problems.
In the CERT coding framework, priority is computed as a product of three factors (severity, likelihood of someone exploiting the vulnerability, and remediation cost) and divided into levels: L1, L2, and L3. L1 represents high severity violations, with high likelihood and low remediation cost (i.e. most important to address, as they indicate serious problems that are less complicated to fix). Using CERT’s scoring framework provides great help in focusing efforts and enabling teams to make the best use of their time budgets.
Parasoft C/C++test has full support for CERT coding guidelines, including key guidelines that other static analysis tools miss. Parasoft’s mapped test configuration enables all checkers from the original CERT rule set to assure the security of your codebase, so organizations can rely on a single tool with consistent reporting.
Organizations that don’t have Parasoft fall back on tedious manual code review procedures or combine multiple static analysis tools to achieve the same level of security.
Parasoft’s support for CERT helps organizations detect security vulnerabilities in their code and manage the process of achieving compliance with the standard. This means the high accuracy of the code checkers, low level of false alarms, and sophisticated compliance reporting consistent with the CERT standard, to help minimize related costs and overhead.
Parasoft provides a Security Compliance Pack that includes the broadest support for the CERT coding standard available, with a complete set of static analysis code checkers to cover CERT rules, along with dedicated compliance reporting. High accuracy of the code checkers assures low levels of false alarms, and compliance reporting helps minimize related costs and overhead. This powerful solution helps organizations detect security vulnerabilities in their code and manage the process of achieving compliance with the standard.
Along with the complete set of CERT rules, Parasoft’s unique compliance reporting provides a dynamic view into the development process. Interactive reports and customized dashboards provide different views into the results of CERT compliance status, and use the wording and categorizations that are defined by the standard, to make it easier to understand.
Organizations that don’t have Parasoft have to fall back on tedious manual code review procedures or combine multiple static analysis tools to achieve the same level of security.
Learn more about how to minimize the burden of introducing the CERT coding standard into the daily developer workflow. In this paper, learn how to accelerate compliance with tool automation, dedicated reporting, and workflow management.Download