Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

LDRA Takes Leadership Role in Security Compliance

By atesmeh | July 19, 2011

Share

Military Embedded Systems recognizes LDRA’s CWE offering with Editor’s Choice Award

Wirral, UK, July 19, 2011. LDRA won the attention of Military Embedded Systems (MES) editors with its announcement that the LDRA tool suite is now capable of testing software for Common Weakness Enumeration (CWE) Compatibility. By awarding the Editor’s Choice award to this announcement, MES recognizes both the criticality of security in today’s increasingly connected systems and LDRA’s leadership in preventing the catastrophic impact a security breach can cause to a company’s revenue, brand and customer trust.

The CWE project involves an international, community-developed formal list of common software weaknesses. Sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security, the CWE project aims to better understand flaws in software and to create automated tools that can be used to identify, fix and prevent those flaws. For the LDRA tool suite, CWE Compatibility ensures companies can eliminate most security vulnerabilities early in the development lifecycle, lower downstream testing costs, and mitigate the risk of a devastating security breach.

“In an increasingly connected world, systems fundamental to our infrastructure such as our power grid, communications and finances are vulnerable to external attack,” noted Sharon Hess, OpenSystems Media, Assistant Managing Editor, Military and Aerospace Group. “Unfortunately, much of our vulnerability stems from exploitation of coding errors. Such errors could easily be avoided by implementing security standards that tools such as the LDRA tool suite can enforce through static analysis, dynamic analysis and unit testing.”

LDRA’s commitment to software security is a natural extension to a 35-year commitment to programming standards and industry certification. From its inception, LDRA has advocated for software quality by design, a mantra VDC Research applied to security in its blog “The New (Read: Old) Demon of Embedded Device Development.” VDC asserted, “To focus on the ‘secure by design’ methods, which we believe to be a critical first step to secure device deployment, we view there to be three distinct approaches: development tools targeted at precluding the introduction of security vulnerabilities, testing tools, and the implementation of specific run-time software (e.g. RTOS, hypervisor, etc.).”

“Research at the National Institute of Security Technology indicates that 64% of software vulnerabilities stem from programming errors,” notes Ian Hennell, LDRA Operations Director. “Because of this, our goal is to encourage development teams to program security in by starting at the requirements level and applying security standards throughout the entire development lifecycle. Such a proactive stance mitigates risk, dramatically cuts costs and enables teams to identify errors early instead of at the systems level where it’s much more expensive to correct those errors.”

LDRA addresses security in all aspects of the LDRA tool suite. CWE compatibility is enforced via static and dynamic analysis as well as during unit testing. This same level of enforcement extends to the CERT C Secure Coding standard which aims to eliminate insecure coding practises and undefined behaviours that lead to exploitable vulnerabilities.

Both CWE and CERT C are managed by LDRA’s TBsecure which interfaces with the LDRA tool suite to easily show how source code performs against security vulnerabilities, fault-detection and adherence to the required security standards. Findings from TBsecure’s application of CERT C and CWE coding rules graphically illustrate code quality, fault detection and avoidance measures through call graphs, flow graphs and code review reports. Managers and team developers can collectively monitor the implementation of security metrics in their applications in an easy-to-read, intuitive format.

“Enforcing security standards represents the same commitment to software quality that LDRA has advocated for more than 35 years,” added Hennell. “LDRA champions software quality not only in the tools it produces, but by committing executive and field application engineer involvement in the technical committees of nine standards committees.”


Filed Under: Aerospace + defense

 

Related Articles Read More >

Mars helicopter receives Collier Trophy
Flexible rotary shafts to power Delta Airlines’ engines powering their first Airbus A321neo aircraft
Ontic acquires Servotek and Westcon product lines from Marsh Bellofram
Flexible rotary shafts support thrust reverser on 150 LEAP 1-A turbofan engines

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Renishaw next-generation FORTiS™ enclosed linear encoders offer enhanced metrology and reliability for machine tools
  • WAGO’s smartDESIGNER Online Provides Seamless Progression for Projects
  • Epoxy Certified for UL 1203 Standard
  • The Importance of Industrial Cable Resistance to Chemicals and Oils
  • Optimize, streamline and increase production capacity with pallet-handling conveyor systems
  • Global supply needs drive increased manufacturing footprint development

Design World Podcasts

June 12, 2022
How to avoid over engineering a part
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings