High Integrity Software: The SPARK Approach to Safety and Security
High Integrity Software: The SPARK Approach to Safety and Security
| Hi-index | 0.01 |
Software vulnerabilities are defined as a property of a system's security requirements, design, implementation, or operation that could be accidentally triggered or intentionally exploited and result in a security failure [1]. Many organizations throughout the world are studying software vulnerabilities and how they allow software applications to be infiltrated and corrupted. The Common Weakness Enumeration (CWE) [2] is a collection of standard, measurable weaknesses that may be used to assess software tools and services. The CWE may be also be used to document known vulnerabilities and improve communication between parties working on software assurance. The SPARK programming language and toolset [3, 4] is designed for the development of high assurance software. The SPARK programming language is a subset of the Ada programming language plus a collection of annotations intended to provide a programming language that is unambiguous, free from implementation dependencies, and formally defined. Used together, the SPARK language and toolset enable the prevention and elimination of defects in source code during the development of the code. This paper presents an analysis of the SPARK programming language against a collection of CWEs.