TalkSecure

CodeSonar® Certified CWE Compatible

ITHACA, NY — CodeSecure CodeSonar®, a static analysis tool for identifying flaws and vulnerabilities in source code, has received a Certificate of Compatibility from the Common Weakness Enumeration (CWE) program. CWE, developed by the MITRE Corporation under the sponsorship of the National Cyber Security Division of the Department of Homeland Security, provides a standard language for describing software security weaknesses.

CodeSecure is one of only five organizations to have received certificates in this first round of awards, which recognize products that support CWE to the highest level currently recognized by the organization. Official “CWE-Compatible” certification acknowledges the degree to which CWE’s standard identifiers have been integrated into CodeSonar. This integration makes CodeSonar a particularly effective choice for projects that are making use of the CWE program.

– Users can search for CodeSonar warnings associated with specific CWE identifiers. For example, a search for “CWE:416” will return all “Use After Free” warnings.
– The CWE identifiers associated with CodeSonar warnings are displayed in their individual warning reports, and are also available in tables of warnings.
– The mapping between CWE identifiers and CodeSonar warning classes has been determined to be accurate.
– CodeSonar’s documentation fully describes the available CWE-related functionality.

“The CWE initiative is an important piece in the software security puzzle, and we place a high value on being part of the CWE community,” said Paul Anderson, VP of Engineering, CodeSecure. “A shared vocabulary is critical if people, organizations, and tools are to cooperate in addressing current and future software problems.”

The CWE press release about the awards is available on the MITRE website.

About The MITRE Corporation

The MITRE Corporation is a not-for-profit organization that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the Department of Defense, the Federal Aviation Administration, the Internal Revenue Service and Department of Veterans Affairs, the Department of Homeland Security, and the Administrative Office of the U.S. Courts, with principal locations in Bedford, Mass., and McLean, Va. To learn more, visit www.mitre.org.

About CodeSecure:
CodeSecure’s static analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.
