industry news
Subscribe Now

LDRA Implements Homeland Security’s Secure Programming Guidelines

San Bruno, CA, May 3, 2011. LDRA, the leading provider of automated software verification, source code analysis, and test tools, has achieved Common Weakness Enumeration (CWE) Compatibility for the LDRA tool suite. The CWE project aims to better understand flaws in software and to create automated tools that can be used to identify, fix and prevent those flaws. CWE Compatibility confirms that the LDRA tool suite can identify common programming errors contributing to software containing potentially exploitable vulnerabilities.

The CWE project is an international community-developed formal list of common software weaknesses. CWE is a software assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. The CWE effort aims to help shape and mature the code security assessment industry and to dramatically accelerate the use and utility of software assurance capabilities for organizations in reviewing the software systems they acquire or develop.

According to research directed by the National Institute of Security Technology, 64% of software vulnerabilities stem from programming errors. To help identify core weaknesses contributing to software vulnerabilities, MITRE Corporation, a public interest not-for-profit organization, created the CWE list. MITRE manages several federally funded research and development centers, including one for the Department of Homeland Security which is mandated with developing the CWE project. CWE was created to address the concerns of organizations that want assurance that the software products they acquire and develop are free from known types of programming errors.

CWE Compatibility recognizes the ability of LDRA’s static and dynamic analysis tools, LDRA Testbed and TBvision, to assist companies in finding security flaws and weaknesses in code, aiding the development of secure software applications. LDRA achieved CWE Compatibility by accurately mapping the LDRA tool suite to the coding rules of CWE so that the LDRA tool suite can identify, reference and document weaknesses within the code.

“In today’s world, the infrastructure of our everyday life hinges on software that is Internet-connected,” acknowledged Ian Hennell, LDRA’s Operations Director. “In such a world, the importance of securing software from any vulnerabilities and weaknesses ensures the safety of our basic infrastructure, whether communications, power distribution grids, medical information and services, traffic management system, airport traffic control, or financial information. LDRA is committed to identifying the typical programming errors that make software applications vulnerable to external attack and exploitation.”

CWE establishes a list of software weaknesses that provides effective discussion, description, selection of the weaknesses as well as the use of software security tools and services that can find these weaknesses in source code and operational systems. CWE also seeks to better understand and manage software weaknesses at the architecture and design levels. LDRA has integrated the coding competencies that contribute to secure programming into the LDRA tool suite.

About LDRA

For more than 35 years, LDRA has developed and driven the market for software that automates code analysis and software testing for safety-, mission-, security- and business-critical markets. Working with clients to achieve early error identification and full compliance with industry standards, LDRA traces requirements through static and dynamic analysis to unit testing and verification for a wide variety of hardware and software platforms. Boasting a worldwide presence, LDRA is headquartered in the UK with subsidiaries in the United States and an extensive distributor network. For more information on the LDRA tool suite, please visit: www.ldra.com.

Leave a Reply

featured blogs
Jul 24, 2021
Many modern humans have 2% Neanderthal DNA in our genomes. The combination of these DNA snippets is like having the ghost of a Neanderthal in our midst....
Jul 23, 2021
The Team RF "μWaveRiders" blog series is a showcase for Cadence AWR RF products. Monthly topics will vary between Cadence AWR Design Environment release highlights, feature videos, Cadence... [[ Click on the title to access the full blog on the Cadence Community...
Jul 23, 2021
Synopsys co-CEO Aart de Geus explains how AI has become an important chip design tool as semiconductor companies continue to innovate in the SysMoore Era. The post Entering the SysMoore Era: Synopsys Co-CEO Aart de Geus on the Need for AI-Designed Chips appeared first on Fro...
Jul 9, 2021
Do you have questions about using the Linux OS with FPGAs? Intel is holding another 'Ask an Expert' session and the topic is 'Using Linux with Intel® SoC FPGAs.' Come and ask our experts about the various Linux OS options available to use with the integrated Arm Cortex proc...

featured video

Design Success with Foundation IP & Fusion Compiler

Sponsored by Synopsys

When is 1+1 greater than 2? When using DesignWare Foundation IP & Fusion Compiler! Join Raymond and Yung in their discussion of a customer that benefited from the combination of Fusion Compiler’s machine learning and Foundation IP cells and macros.

More information about DesignWare Foundation IP: Embedded Memories, Logic Libraries, GPIO & PVT Sensors

featured paper

Intel® Agilex™ FPGAs target IPUs, SmartNICs, and 5G Networks White Paper

Sponsored by Intel

Security challenges in the form of cyberattacks and data breaches loom ever larger as attacks on high-speed networks multiply. Massive amounts of data are at risk but so are physical resources, including critical physical infrastructure. Cryptography and authentication represent potent countermeasures. The latest members of the Intel® Agilex™ FPGA and SoC FPGA families feature hardened crypto blocks paired with MACsec soft IP to help mitigate the risks and limit the effects of these cyberattacks.

Click to read more

Featured Chalk Talk

Accelerate the Integration of Power Conversion with microBUCK® and microBRICK™

Sponsored by Mouser Electronics and Vishay

In the world of power conversion, multi-chip packaging, thermal performance, and power density can make all of the difference in the success of your next design. In this episode of Chalk Talk, Amelia Dalton chats with Raymond Jiang about the trends and challenges in power delivery and how you can leverage the unique combination of discrete MOSFET design, IC expertise, and packaging capability of Vishay’s microBRICK™and microBUCK® integrated voltage regulators.

Click here for more information about Vishay microBUCK® and microBRICK™ DC/DC Regulators