Carnegie Mellon SEI CERT Division Releases Open-Source Source Code Analysis Tool

Carnegie Mellon University’s Software Engineering Institute (SEI) has released a new open-source tool to aid software testers. On August 15, the Institute’s CERT division announced the release of its Source Code Analysis Laboratory (SCALe), allowing developers to audit software in any source code language.

The SCALe application can be used to identify source code flaws that may lead to vulnerabilities. Alerts can be analysed in-browser, using an interface that prioritises alerts and provides supplementary information that can help testers find fixes faster. By using output from multiple flaw-finding static analysis tools, SCALe can be used to efficiently analyse more code defects than a single static analysis tool would find, according to a statement released by SEI.

“Using multiple static analysis tools can greatly increase the types of flaws found,” said Lori Flynn, senior software security researcher at the SEI. “The alerts must be examined by an expert who determines whether each alert represents an actual code defect. Typically there are too many alerts, and not all can be manually examined. The SCALe system is designed to make this process easier.”