Detecting security problems – using static analysis to catch them early and less expensively

In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well. Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most dangerous security coding defects (according to the Common Weakness Enumeration (CWS) from the MITRE organization). These types of defects are common in C and C++ and are dangerous to correct operation in general but also pose significant security threats – often because the right exploit can lead to arbitrary code execution on the target. Once an attacker can execute code on your device, they can gain complete control, which might include reflashing the firmware, installing malware or rewriting the command and control software.

Wind River Edge

VxWorks

Wind River Linux

Wind River Helix Virtualization Platform

Wind River Studio

Pipelines

Virtual Lab

Test Automation

Over-the-Air Updates

Digital Feedback Loop

Cloud Platform

Conductor

Analytics

Industries & Insights

Resource Library

Wind River Studio Services »

Wind River Acceleration Program

Security & Support

Security Center

Support Network

About Wind River »

Detecting security problems – using static analysis to catch them early and less expensively

Wind River Blog

Subscribe

Popular Tags

Disclaimer