Walton on Thames, UK, 13 January 2016 / — PRQA, the pioneer in the application of functional and compliance excellence in software development, today announced the introduction of their new certified environment platform – allowing security coding standards and advisories to be applied at the point of code creation, in addition to well established functional and compliance checks. In light of recent high profile exploitations regarding application vulnerabilities, this latest release allows analysis of both legacy code streams and new agile developments. Providing multi-language support for C, C++, C# and Java, combined with straightforward integration of our own static analysis tools, users are now able to apply in-house security rules, as well as external coding standards and sets of common weaknesses, such as CERT® and CWETM. This ensures potential issues and existing weaknesses in legacy code are highlighted, and therefore resolved before the product release.
Robert Seacord, founder of the Secure Coding Institute, commented “PRQA’s QA·C analyzer is effective at discovering violations of The CERT® C Coding Standard that were not discovered through 20 years of testing or by other static analysis tools”. He continues “Overall, the QA·C analyzer is an effective tool for eliminating secure coding flaws that can easily lead to software vulnerabilities”.
With the rapidly growing Internet of Things (IoT) and resulting interconnectivity, application security has never been so essential – especially for software deployed outside classical IT security infrastructure. According to the leading analyst firm Gartner, the number of devices represented in the IoT is likely to reach 6.4 billion over the next 12 months – a growth of 30%. This puts unprecedented pressure on application developers to produce secure and robust products and deliver a sublime customer experience.
Paul Blundell, CEO and Founder of PRQA added “we have been helping software developers enable functional and compliant software development for over 30 years and recognize the changing requirements of our customers. It is no longer enough to have compliant and functional software – it must also be secure in an increasing complex and rapidly evolving ecosystem. Our latest solution set ensures organizations, both large and small, can not only assess existing vulnerabilities in legacy code, but also apply best practice to new developments – across multiple coding languages”
Further details about PRQA’s static analysis products are available at www.programmingresearch.com/products
About the CERT® C Coding Standard
The goal of the CERT® C Coding Standard is to provide rules for coding safe, reliable and secure applications in the C programming language. To achieve this goal, it establishes a set of best practices that define and frequently anticipate a safe handling of the C language features (like avoidance of undefined behaviour conditions, usage of unsecure functions and constructs etc.) and keeps them updated with the evolution of the language standard and of the major implementation extensions available on the market.
About PRQA
Detect, enforce and measure
Since 1985, PRQA has pioneered software coding governance in the automotive, aerospace, transport, finance, medical device and energy industries. Supporting both small start-ups and globally recognized brands, we provide sophisticated code analysis, robust defect detection and enforcement of both bespoke and industry coding standards through functional integrity and application security/safety.
PRQA’s industry-leading solutions, QA·C, QA·C++, QA·J and QA·C# offer the most meticulous static analysis of commonly used programming languages. Innovations such as multi-threading and resource analysis (MTR) complement this with refined multi-thread inspection of code streams. Used locally or centrally deployed via the Quality Management System QA·Verify, we enable early find/fix at the desktop and on the server side complete control, visibility and history to the decision maker.
ISO 9001 and TickIT certified.