Quantcast
 
Search for: Search what?
Oct 12, 2008  
 Newsletters
Subscribe Free to Product News Alerts
  
Receive customized, daily news on the products you want.
Subscribe   View Sample
 Categories
Industrial Market Trends
OnSite WebReviews
Latest New Product News
Adhesives and Sealants
Agricultural and Farming Products
Architectural and Civil Engineering Products
Automatic ID
Chemical Processing and Waste Management
Cleaning Products and Equipment
Communication Systems and Equipment
Computer Hardware and Peripherals
Construction Equipment and Supplies
Controls and Controllers
Display and Presentation Equipment
Electrical Equipment and Systems
Electronic Components and Devices
Explosives, Armaments and Weaponry
Fasteners and Hardware
Fluid and Gas Flow Equipment
Food Processing and Preparation
Health, Medical and Dental Supplies and Equipment
HVAC
Labels, Tags, Signage and Equipment
Laboratory and Research Supplies and Equipment
Lubricants
Machinery and Machining Tools
Material Handling and Storage
Materials and Material Processing
Mechanical Components and Assemblies
Mechanical Power Transmission
Mining, Oil Drilling & Refining
Mounting and Attaching Products
Non-Industrial Products
Optics and Photonics
Packaging Products & Equipment
Paints and Coatings
Plant Furnishings and Accessories
Portable Tools
Printing and Duplicating Equipment
Retail and Sales Equipment
Robotics
Safety and Security Equipment
Sensors, Monitors and Transducers
Services
Software
Test and Measuring Instruments
Textile Industry Products
Thermal and Heating Equipment
Timers and Clocks
Transportation Industry Products
Vision Systems
Waste Handling Equipment
Welding Equipment and Supplies
Association News
Browse Categories
Browse Companies
 Press Releases
Products in the News
Company News
Mergers & Acquisitions
People in the News
Literature & Websites
 Resources
News Delivery Options
Mobile Edition
PR Resources
Licensing
Advertising
How to Write an effective Press Release
Trade Associations
Small Business Support
MEP


Advertisement

Story Tools
Tools for Registered Users
   Go Back |  Send Story by email E-Mail  |  Print  |  Post   
   Save Story |  Watch_Company  
Software IDs security vulnerability, meets CERT C standard.
Software IDs security vulnerability, meets CERT C standard.

Click Here to Enlarge Picture

News Story

Software IDs security vulnerability, meets CERT C standard.


May 22, 2008 - Offered as OS- and platform-independent solution, LDRA tool suite helps identify security vulnerabilities and enforce security standards for development and deployment. CERT C Secure Coding Standard provides rules and recommendations for secure coding in C programming language, helping eliminate insecure coding practices and undefined behaviors that lead to exploitable vulnerabilities. Once established, standards can be used as metric to evaluate source code using automated process.


Related categories:   Software
Press Release
Release date: May 20, 2008


LDRA Tool Suite Support Identifies Security Vulnerabilities and Meets the CERT C Standard


Monks Ferry, San Bruno, CA - May 20, 2008. LDRA, provider of the most complete automated software verification, source code analysis and test tools covering the full development lifecycle, has enhanced the capabilities of the LDRA tool suite to assist in identifying security vulnerabilities and enforce security standards for development and deployment. LDRA's adoption in this area demonstrates the company's commitment to ensure their clients are able to comply fully with the latest security standards and certifications.

With the increased dependency on software systems in mission- and safety-critical systems, there has been an increase in the number of attacks. New security vulnerabilities are discovered daily and these cause problems with systems inadequately protected that result in security flaws. Studies indicate that a majority of these vulnerabilities can be traced back to a set of common programming errors.

The CERT C Secure Coding Standard provides rules and recommendations for secure coding in the C programming language. The goal of these rules and recommendations is to eliminate insecure coding practices and undefined behaviors that lead to exploitable vulnerabilities. The application of the secure coding standard leads to higher quality systems that are robust and more resistant to attack. Rules and recommendations included in this CERT C Programming Language Secure Coding Standard are designed to be operating system and platform independent. Once established, these standards can be used as a metric to evaluate source code using an automated process.

The LDRA tool suite has been extended to support a wide range of programming rules that enable increased application security using the following classification of security issues:

o Dynamic Memory Allocation (A) concerns: Dynamic memory management is a common source of programming flaws that can lead to security issues such as heap-buffer overflows, dangling pointers, and double-free issues. In particular, memory management encompasses allocating memory, reading and writing to memory, and deallocating memory.

o Vulnerabilities (V): These rules are intended to eliminate insecure coding practices aside from those associated with dynamic memory. Examples of insecure coding practices include array indices out of range and dereferencing a null pointer.

Without proper security technology vulnerability, malicious code attacks, fraudulent transactions, and theft-of-service opportunities will be on the rise. One proven way to help reduce these risks is with the use of software testing and analysis tools that identify these problems before they enter production code.

"At LDRA, we aim to assist in the development of zero-defect software development, and the CERT C standard plays a significant role in the development of higher quality systems that are more robust and more resistant to attack," commented Ian Hennell, LDRA Operations Director. "Because of our commitment to best practice programming, we have supported CERT C through the involvement of Chris Tapp, one of our key field application engineers, in development of the standard. This participation continues our tradition of leadership in programming standards enforcement, also evident in our participation in the development of MISRA C:2004, MISRA C++:2008 and others."

For more information on how LDRA can assist with your CERT C Secure Coding compliance, please visit http://www.ldra.com/certc.asp. For general information on CERT C, please visit: http://www.securecoding.cert.org.

About the LDRA tool suite

Many ground-breaking testing techniques have been derived from methodologies developed by LDRA. The LDRA tool suite assists with the eight primary tasks required to achieve an organization's software development and maintenance goals. It can be utilized by an entire project team, ranging from developers, QA managers, test engineers, project managers and maintenance/support engineers, to automate the software development lifecycle. Through the deployment of the LDRA tool suite companies are able to deliver well constructed, documented and tested software and, in addition, benefit from significant time, cost and operational savings for their businesses. For more information on the LDRA tool suite, please visit: www.ldra.com.

About LDRA

For more than thirty years LDRA has developed and driven the market for software used for the automation of code analysis and software testing of safety critical applications. The LDRA tool suite is used in the aerospace, space and defense technology industries as well as the nuclear energy and automotive industries. Through the use of the LDRA tool suite companies ensure that their systems are built in accordance to prescribed standards and are durable and reliable in use. The LDRA tool suite is available for a multiplicity of programming languages and supports a wide range of host and target platforms. LDRA is represented world-wide with its head office in the UK and subsidiaries in the USA as well as through an extensive distributor network. For more information on the LDRA tool suite, please visit: www.ldra.com.


Contacts:

General Information:
Mark James
USA
Phone: 44-0-151-649-9300
Send email  E-mail this person
Company Information:
Name: LDRA
Address: Portside
City: Wirral
ZIP: CH41 5LH
Country: United Kingdom
Phone: 0151 649 9300
FAX: 0151 649 9666
http://www.ldra.com



Story Tools
   Go Back |  Send Story by email E-Mail  |  Print  |  Post   

[Get Copyright Permissions]
Click here for copyright permissions!
Copyright 2008 Thomas Publishing Company

Send email Contact company
company web site Company web site
more company news More news from this company
directory searchSearch for suppliers of:
Diagnostic Software
Software Development Tools
Debugging Software
directory searchJoin the forum discussion at:
Engineers Lounge

Advertisement
Related Stories:
Oct 10, 2008Software helps web developers build cross-browser menus.
Oct 10, 2008FDO Providers drive geospatial open source community.
Oct 9, 2008Software offers development tool for LynxOS RTOS.
Oct 6, 2008Software develops applications for Windows, Mac, and Linux.
Oct 3, 2008Software enables payment processing integration.
Oct 2, 2008Software aids in XML-based authoring, embedding help.
Sep 30, 2008Software enables proactive, personalized customer support.
Sep 26, 2008Software helps develop help files and manuals in CHM format.
Sep 26, 2008Open Source Replication Solution addresses Oracle content.
Sep 25, 2008SaaS enables real-time collaboration for project management.
Sep 25, 2008Software builds composite applications on SharePoint.
Sep 25, 2008Development Tools facilitates VoiceXML application creation.
Sep 25, 2008Software enables deployment of revenue-generating services.
Sep 25, 2008Software creates scalable telephony applications.
Sep 24, 2008Software Tools facilitate Java UI development.
Sep 24, 2008Software IDE works with Microsoft .NET and BizTalk.
Sep 24, 2008Software Tools facilitate Linux development.
Sep 24, 2008Software support visualization/utilization of 4D image sets.
Sep 22, 2008Software provides user interface management.
Sep 18, 2008Robotic Software provides universal object recognition.
More New Product News from this company:
Sep 10, 2008Software identifies faults early in application development.
Apr 17, 2008Software provides transparency into source code.
 
Category Advertisements
Newsroom Advertisers
Brought to you by Thomasnet.com        Browse ThomasNet Directory

News provided by ThomasNet Industrial Newsroom® (TIN). TIN is a comprehensive source of new and timely product information in the industrial marketplace. TIN supplies new product information to the web sites, e-marketplaces and print publications that serve the industrial marketplace. For press release submissions please go to http://news.thomasnet.com/submitpr.html. BY ACCESSING, BROWSING AND/OR USING THIS WEB SITE AND/OR ANY WEB SITES PROVIDED BY ProductNews.com, YOU AGREE TO BE BOUND BY THE TERMS OF USE AGREEMENT.

Copyright © 2008 Thomas Publishing Company
Terms of Use - Privacy Policy



1.76