Common Weakness Enumeration (CWE) Secure Coding Standards Compliance
The Common Weakness Enumeration (CWE) was created to assure organisations that the software products they acquire and develop are free from known types of programming errors. CWE compatibility recognises the ability of the LDRA Testbed and TBvision static and dynamic analysis tools to help find security flaws and weaknesses in code and aid the development of secure software applications.
According to research directed by the National Institute of Security Technology, 64% of software vulnerabilities stem from programming errors. The CWE project aims to better understand flaws in software and to create automated tools that can be used to identify, fix, and prevent those flaws. To help identify core weaknesses contributing to software vulnerabilities, the CWE list of common software weaknesses was created as part of a software assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.
CWE Secure Coding Standards Tools from LDRA
- LDRA Testbed/TBvision, the core analysis engine of the LDRA tool suite, performs the static analysis required for coding standards enforcement and lets you view the results against any supported industry coding standards. The LDRA tool suite is mapped to the CWE coding rules to identify, reference, and document weaknesses within the code.
- The LDRA TBsecure module graphically depicts security coding standards compliance and memory analysis, and automates compliance documentation
- LDRArules is a cost-effective, stand-alone rules checker independent from the LDRA tool suite that is focused on increasing software quality through coding standards compliance, including CWE
LDRA has achieved Common Weakness Enumeration (CWE) compatibility for the LDRA tool suite
This confirms that the tools can identify common programming errors that contribute to exploitable vulnerabilities.
CWE-compatible products and services must meet the following criteria:
- CWE Searchable - Users may search security elements using CWE identifiers
- CWE Output - Security elements presented to users include, or enable users to obtain, associated CWE identifiers
- Mapping Accuracy - Security elements accurately link to the appropriate CWE identifiers
- CWE Documentation - Capability's documentation describes CWE, CWE compatibility, and how CWE-related functionality in the capability is used
LDRA Offers Complete Transparency on Coding Standards Support
For every coding standard we support, we offer a complete compliance matrix so you can see exactly which rules are implemented within our tools. You can easily compare tool compliance to multiple versions of the standard, and you can assess compliance for multiple standards.
LDRA's summary compliance for the CWE standard can be found below and the detailed matrix can be downloaded (registration required).