TechOnline | Making Source Code Analysis Part of the Security Review Process

CMP - United Business Media

TechOnline

Welcome, Guest

Design Center

Learning Center

Product Center

Company Directory

Site Features

TechOnline > Electronics Company Directory > Technical Paper


Technical Papers

Making Source Code Analysis Part of the Security Review Process

Click to Download	2007 Embedded Systems Conference 142 KB (15 pages) April 05, 2007

Brian Chess and Jacob West Fortify Software Tools that assist with security review are fundamentally different from most other kinds of software development tools. But the need for software security rarely creates the kind of urgency that leads a programmer to run a debugger. For this reason, an organization needs to plan out who will conduct security reviews, when the reviews will take place, and what will be done with the results. Static analysis tools should be part of the planning because they can make the review process significantly more efficient. In this chapter, we will explore two perspectives on code review. In the first, we look at the steps involved in performing a single review and the most common problem that review teams run into: debates about exploitability. In the second, we look at the choices an organization needs to make in order to integrate security review (and the accompanying tools) into the software development process. This includes deciding who will run the tool, when they'll run it, and what will happen to the results. We will also look at metrics derived from static analysis results.

Related Companies

	Embedded Systems Conference (ESC)
	Fortify Software


		Related Content

		TECH PAPER 1. Use Rowley CrossWorks and the MAXQ3120 Evaluation Kit to Create a Light Meter Application TECH PAPER 2. System ACE Configuration Solution for Xilinx FPGAs TECH PAPER 3. Interface Products Design Guide TECH PAPER 4. Maintaining Data/Clock Synchronization with Spread-Spectrum EMI Reduction


		Most Popular Technical Papers
		1. Analog Circuits: World Class Design, Part 1 2. Analog Circuits: World Class Design, Part 2 3. How to Use USB without Knowing USB 4. dB or not dB? Everything You Ever Wanted to Know About Decibels But Were Afraid to Ask 5. Battery Chargers Catalog MORE MOST POPULAR TECHNICAL PAPERS


		Highest Rated Technical Papers
		1. Migrating Code Between ColdFire V1 and V2 2. dB or not dB? Was Sie schon immer zum Rechnen mit dB wissen wollten 3. Operating System with Priority Functions and Priority Objects 4. dB or not dB? Everything You Ever Wanted to Know About Decibels But Were Afraid to Ask 5. First Steps with Embedded Systems MORE HIGHEST RATED TECHNICAL PAPERS



		TechOnline Communities

		Audio DesignLine \| Automotive DesignLine \| CommsDesign \| Digital Home DesignLine \| DSP DesignLine \| EDA DesignLine eeProductCenter \| Green SupplyLine \| Industrial Control DesignLine \| Mobile Handset DesignLine \| Planet Analog \| Power Management DesignLine Programmable Logic DesignLine \| RF DesignLine \| Teardown.com \| TechOnline \| Video/Imaging DesignLine \| Wireless Net DesignLine

		EE Times

		United States \| Asia \| China \| Europe \| France \| Germany \| India \| Japan \| Korea \| Taiwan \| United Kingdom \| EE Times Supply Network

		Additional Network Sites

		Analog Europe \| Automotive Designline Europe \| DeepChip \| Design & Reuse \| Electronik iNorden \| Embedded.com Industrial Control Europe \| Microwave Engineering Europe \| Portelligent \| Power Management Designline Europe RFID World \| Semiconductor Insights

All materials on this site Copyright © 2009 TechInsights, a Division of United Business Media LLC All rights reserved.

Privacy Statement | Your California Privacy Rights | Terms of Service