GrammaTech CodeSonar Supports US-CERT Build Security In Coding Rules

The next version of CodeSonar, from GrammaTech, will support the secure coding rules developed by US-CERT. CodeSonar’s automated analysis will review code and quickly identify problematic sections of code that violate US-CERT secure coding guidelines. CodeSonar’s automated enforcement will reduce the need for manual review, making it easier for organizations to adopt the coding standard. The next version of CodeSonar will have the same pricing as CodeSonar 3.4, which is available starting at $9,600 (USD) for small projects. Licenses for larger projects are priced based on the size of the project.

CodeSonar is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on code, and identifies complex programming bugs that can result in system crashes, memory corruption, and other serious problems. CodeSonar has long been the software-analysis tool of choice for companies working on mission-critical applications — such as satellites, avionics, industrial controls and medical devices. Companies outside the safety-critical space are also adopting CodeSonar to improve software reliability and security. This includes organizations developing software for wireless devices, networking equipment, and consumer electronics.

US-CERT is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). US-CERT’s mission includes analyzing and reducing threats to cybersecurity within the U.S. It also collaborates with international partners to strengthen Internet security worldwide. The coding rules are part of a broad US-CERT software-assurance initiative called Build Security In. In developing the Build Security In coding rules, US-CERT drew ideas from leading security experts. The coding standard being developed will provide secure coding rules and recommendations, which reduce insecure coding practices that can create vulnerabilities.

Checkers that examine code for adherence to Build Security In rules will be incorporated into the standard version of CodeSonar. Other features will include support for Windows Vista (incl. x64), Windows 7 (incl. x64), Windows Server 2008 (incl. x64), Windows XP x64, and Windows Server 2003 x64, adding to the set of platforms already supported by CodeSonar: Windows 2000, Windows Server 2003, Windows XP, Linux (x86 and x86-64), Solaris (SPARC, x86, and x86-64), and Mac OS X (x86 and x86-64). Additional features will include improvements to analysis precision, analysis time and the user interface.

More info: GrammaTech