
SCALe: Evaluating Source Code for Adherence to Secure Coding Standards

Fact Sheet
SCALe conformance testing provides organizations with an evaluation of their source code for its adherence to secure coding standards.
Publisher

Software Engineering Institute

Abstract

Static analysis tools produce many alerts with high false-positive rates that an engineer must painstakingly examine to find legitimate flaws. Carnegie Mellon University Software Engineering Institute researchers offer SCALe (Source Code Analysis Laboratory) to help analysts be more efficient and effective at auditing source code for security flaws. SCALe consists of tools and processes developed by CERT researchers to address the problems of using multiple static analyzers, since no single analyzer finds everything. Each analyzer provides its own interface for managing its alerts, complicating attempts to use multiple analyzers on the same codebase. SCALe has been used to analyze software for the DoD, energy delivery systems, medical devices, and more.
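The abstract describes the core problem SCALe addresses: several analyzers, each with its own alert format and checker names, reporting on the same codebase. The following is an added illustration, not SCALe's code or any SEI format, of what unifying such output looks like: two constructed analyzer outputs (a CSV and a JSON-lines stream, both invented for this example) are parsed into one record type, their checker identifiers are mapped to CERT C rule IDs through a hypothetical lookup table, and alerts are grouped by location and rule so an auditor reviews each location once and sees which tools agree on it.

```python
import csv
import io
import json
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample output from two hypothetical analyzers ("A" emits CSV,
# "B" emits JSON lines). Neither is a real tool's format.
ANALYZER_A_CSV = """file,line,checker,message
src/net.c,42,BUF_OVERRUN,"possible buffer overrun in strcpy"
src/net.c,57,NULL_DEREF,"pointer 'p' may be NULL"
src/util.c,10,FMT_STRING,"non-literal format string"
"""

ANALYZER_B_JSONL = """{"path": "src/net.c", "line": 42, "rule": "str31-c", "msg": "string copy without bound"}
{"path": "src/util.c", "line": 10, "rule": "fio30-c", "msg": "user input as format string"}
{"path": "src/parse.c", "line": 88, "rule": "int32-c", "msg": "signed overflow"}
"""

# Hypothetical mapping from analyzer A's checker names to CERT C rule IDs.
# The rule IDs are real CERT C identifiers; the checker names are invented.
CHECKER_TO_CERT = {
    ("A", "BUF_OVERRUN"): "STR31-C",
    ("A", "NULL_DEREF"): "EXP34-C",
    ("A", "FMT_STRING"): "FIO30-C",
}


@dataclass(frozen=True)
class Alert:
    """One alert in a common schema, independent of which tool produced it."""
    tool: str
    path: str
    line: int
    cert_rule: str
    message: str


def parse_analyzer_a(text):
    """Parse analyzer A's CSV and translate its checker names to CERT rule IDs."""
    alerts = []
    for row in csv.DictReader(io.StringIO(text)):
        rule = CHECKER_TO_CERT.get(("A", row["checker"]), "UNMAPPED")
        alerts.append(Alert("A", row["file"], int(row["line"]), rule, row["message"]))
    return alerts


def parse_analyzer_b(text):
    """Parse analyzer B's JSON lines; it already names CERT rules, but in lowercase."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        alerts.append(Alert("B", rec["path"], int(rec["line"]), rec["rule"].upper(), rec["msg"]))
    return alerts


def merge_alerts(*alert_lists):
    """Group alerts by (path, line, CERT rule) so one audit location carries every tool's evidence."""
    groups = defaultdict(list)
    for alerts in alert_lists:
        for alert in alerts:
            groups[(alert.path, alert.line, alert.cert_rule)].append(alert)
    return dict(groups)


def prioritize(groups):
    """Order locations so those flagged by more distinct tools come first (a simple triage heuristic)."""
    return sorted(groups.items(), key=lambda kv: (-len({a.tool for a in kv[1]}), kv[0]))


if __name__ == "__main__":
    merged = merge_alerts(parse_analyzer_a(ANALYZER_A_CSV), parse_analyzer_b(ANALYZER_B_JSONL))
    for (path, line, rule), alerts in prioritize(merged):
        tools = ",".join(sorted({a.tool for a in alerts}))
        print(f"{path}:{line} {rule} [{tools}] {alerts[0].message}")
```

The grouping key deliberately includes the rule, not just the location, so two tools pointing at the same line for different reasons stay separate; the "UNMAPPED" fallback keeps alerts whose checker has no rule mapping visible instead of silently dropping them.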