research-article

Static analysis tools for security checking in code at Motorola

Published: 01 April 2008

Abstract

As part of an overall initiative to improve the security aspects in the software used in Motorola's products, training and secure coding standards were developed. The goal is to decrease the number of security vulnerabilities introduced during the coding phase of the software development process. This paper describes the creation of the secure coding standards and the efforts to automate as many of the standards as possible.

Originally, the efforts focused on the Inforce tool from Klocwork, as many Motorola business units already used the tool for quality but without the security flags activated. This paper describes the efforts to evaluate, extend, and create the coverage for the secure coding standards with Klocwork. More recently, an opportunity arose which allowed a team to evaluate other static analysis tools as well. This paper also describes the findings from that evaluation.

Published in

ACM SIGAda Ada Letters, Volume XXVIII, Issue 1
April 2008
74 pages
ISSN: 1094-3641
DOI: 10.1145/1387830

Copyright © 2008 Authors

Publisher: Association for Computing Machinery, New York, NY, United States