
Secure Coding Validation Suite

Software
The Secure Coding Validation Suite is a tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961.
Publisher

GitHub

Abstract

Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Accordingly, developers must ensure that this trust is not misplaced. Ideally, trust should be achieved by the tool supplier running appropriate validation tests such as this validation suite.

The Secure Coding Validation Suite includes tools that allow vendors to use these tests with an analyzer, interpreter, or compiler, along with the test_driver.sh script and a utility that deciphers the results and displays them as a report. By using this validation suite, vendors can confirm that their tools successfully diagnose the rule violations in the suite.

In August 2014, there were 45 rules with associated test files in the Secure Coding Validation Suite. Its functionality and framework for rules testing (and rules reporting) can be augmented with new rules tests. The validation suite is distributed open source with a BSD-style license.