PRQA, a leader and pioneer in automated software coding governance solutions for embedded application development, announced updates to its CERT C Compliance Module and source code analytics system that improve the security of automotive and IoT software. The announcement was made at SAE 2016 World Congress, April 12-14 in Detroit, MI (Cobo Center booth 508).
The Connected Car is one of the most visible examples of how the Internet of Things (IoT) has evolved. Also, it highlights the importance of security in a world that is increasingly dependent on software. As developers produce more and more software to power new IoT products, they introduce new risks and bring to market devices vulnerable to security attacks. Cutting-edge hackers are acutely aware that many of the security procedures and applications in use today have been designed to defend against attacks on personal computers, not mobile and embedded systems.
A majority of security vulnerabilities are the result of coding errors that go undetected during development. Several recent studies have identified coding issues as the primary cause of exploitable security vulnerabilities. Carnegie Mellon's Computer Emergency Response Team (CERT) found that 64% of vulnerabilities in the CERT National Vulnerability Database were the result of programming errors.
PRQA, a founding member of the MISRA C and C++ committees and noted in the industry for its MISRA compliance capabilities, which are used by major automotive OEMs and Tier 1 suppliers such as Robert Bosch, Valeo, TRW Automotive, Ford Motors, Visteon Corporation, Autoliv and Magna, is continually enhancing its security capabilities, including CERT C compliance, to stay ahead of a rapidly evolving threat landscape.
“PRQA continues to improve our security capabilities because we understand the complexity, additional cost and burden of meeting the enormous security challenges that our Automotive and IoT customers today face,” said Paul Blundell, PRQA's CEO. “With the PRQA static analysis platform, our customers can detect and correct critical software defects to ensure reliable, safe and secure software and build trust into connected devices in a cost effective and efficient manner to avoid security concerns and capitalize on the full potential of the exploding IoT markets.”
The enhanced CERT C Compliance Module (CERTCCM) is designed to enforce compliance with the CERT C coding standard in conjunction with PRQA's QA·C static analyzer. The analyzer can rapidly examine millions of lines of source code and detects most of the statically enforceable conditions identified in the CERT C guidelines (as well as many others). CERTCCM configures QA·C to identify issues that are specific to those guidelines and provides a cross-reference between each standard QA·C warning message and the corresponding CERT C guideline.
Robert Seacord, the founder of the Secure Coding Institute, commented: “PRQA's QA·C analyzer is effective at discovering violations of The CERT C Coding Standard that were not discovered through 20 years of testing or by other static analysis tools.” He continued, “Overall, the QA·C analyzer is an effective tool for eliminating secure coding flaws that can easily lead to software vulnerabilities.”
With these recently improved security capabilities, PRQA now complements MISRA compliance with CERT C and CWE, enabling compliance enforcement that can be applied to both new and legacy code, increasing code reusability and decreasing time to market.
With decades of software analysis innovation and expertise, PRQA has become the leader in source code analysis solutions for embedded software development. The company's static analyzers, compliance modules, and management dashboards work together as an easy-to-use, enterprise-grade source code analytics system. This system enables organizations to test application code with unsurpassed depth and accuracy, allowing customers to manage global software development efforts and deliver reliable, safe and secure embedded software for everything from networking products and medical devices to railway systems, industrial automation, and the Internet of Things.
For more information, please visit www.programmingresearch.com.