According to research directed by the National Institute of Security Technology, 64% of software vulnerabilities stem from programming errors. The CWE project aims to better understand flaws in software and to create automated tools that can be used to identify, fix, and prevent those flaws. To help identify core weaknesses contributing to software vulnerabilities, the CWE list of common software weaknesses was created as part of a software assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.
- LDRA Testbed/TBvision, the core analysis engine of the LDRA tool suite, performs the static analysis required for coding standards enforcement and lets you view the results against any supported industry coding standard. The LDRA tool suite is mapped to the CWE coding rules to identify, reference, and document weaknesses within the code.
- The LDRA TBsecure module graphically depicts security coding standards compliance and memory analysis, and automates compliance documentation.
- LDRArules is a cost-effective, stand-alone rules checker, independent from the LDRA tool suite, that is focused on increasing software quality through coding standards compliance, including CWE.
This mapping to CWE confirms that the tools can identify common programming errors that contribute to exploitable vulnerabilities.
CWE-compatible products and services must meet the following criteria:
- CWE Searchable – Users may search security elements using CWE identifiers.
- CWE Output – Security elements presented to users include, or enable users to obtain, the associated CWE identifiers.
- Mapping Accuracy – Security elements accurately link to the appropriate CWE identifiers.
- CWE Documentation – The capability’s documentation describes CWE, CWE compatibility, and how the CWE-related functionality in the capability is used.
For every coding standard we support, we offer a complete compliance matrix so you can see exactly which rules are implemented within our tools. You can easily compare tool compliance to multiple versions of the standard, and you can assess compliance for multiple standards.
LDRA’s summary compliance for the CWE standard can be found below, and the detailed matrix can be downloaded (registration required).
- Compliance matrix for CWE