Writing Secure Code
Extending static analysis by mining project-specific rules
Proceedings of the 34th International Conference on Software Engineering
As part of an overall initiative to improve the security of the software used in Motorola's products, training and secure coding standards were developed. The goal is to decrease the number of security vulnerabilities introduced during the coding phase of the software development process. This paper describes the creation of the secure coding standards and the efforts to automate checking of as many of the standards as possible. Originally, the efforts focused on the Inforce tool from Klocwork, since many Motorola business units already used the tool for quality checking, but without its security flags activated. This paper describes the efforts to evaluate, extend, and create Klocwork coverage for the secure coding standards. More recently, an opportunity arose that allowed a team to evaluate other static analysis tools as well. This paper also describes the findings from that evaluation.