Analyzing and Measuring the Security of Your Embedded Software with Polyspace
By Ram Cherukuri
Secure coding guidelines from CERT C, ISO/IEC TS 17961, MISRA C:2012 Amendment 1, and the security vulnerabilities schematized in CWE provide a way to analyze and measure the security of your embedded software. These standards are gaining more acceptance as they provide a common framework for understanding, addressing, and documenting security vulnerabilities in both existing and newly developed code.
Polyspace® static analysis can check existing or new applications for violations of the guidelines outlined in these standards. Polyspace Bug Finder™ natively provides a set of defect checkers for security issues that is a superset of the guidelines covered by these cybersecurity standards for embedded software.
In R2017a, we provide subsets that map to these individual standards as a single-click configuration option. Further, we have extended this mapping to the analysis results, so you can review the results against the rules of a given standard. The results can be documented in the form of security reports, making it easier to check for and demonstrate compliance with a specific standard.