SCALe: Evaluating Source Code for Adherence to Secure Coding Standards
• Fact Sheet
Publisher
Software Engineering Institute
Abstract
Static analysis tools produce many alerts with high false-positive rates, and an engineer must painstakingly examine each one to find the legitimate flaws. Carnegie Mellon University Software Engineering Institute researchers offer SCALe (Source Code Analysis Laboratory) to help analysts audit source code for security flaws more efficiently and effectively. SCALe consists of tools and processes developed by CERT researchers to address the problems of using multiple static analyzers on one codebase, since no single analyzer finds everything. Each analyzer provides its own interface for managing its alerts, which complicates attempts to run several analyzers on the same codebase and reconcile their results. SCALe has been used to analyze software for the DoD, energy delivery systems, medical devices, and more.
Part of a Collection
Collection of Static Analysis Assets