Coding errors cause the majority of software vulnerabilities. For example, 64 percent of the nearly 2,500 vulnerabilities in the National Vulnerability Database in 2004 were caused by programming errors. Secure coding standards define a proscriptive set of rules and recommendations that can be used to evaluate source code.
The word SCALe stands for Source Code Analysis Laboratory. SCALe can refer to one or more of the following three artifacts, all of which evaluate source code for its adherence to secure coding standards: SCALe auditing framework, SCALe research prototype, and SCALe code Conformance Testing.
SCALe Auditing Framework
We provide the SCALe auditing framework to many DoD organizations and some non-DoD organizations for their use in evaluating their source code for its adherence to secure coding standards. This framework is provided in install formats delivered online and offline:
- Online formats require Internet connectivity to install third-party packages.
- Offline formats do not require Internet connectivity to install or run. They come with the third-party software included.
SCALe Research Prototype
CERT researchers use the SCALe research prototype for adding new, experimental functionality to the SCALe auditing framework. This prototype is often distributed to collaborators during a project. Eventually, much of the functionality is integrated into the SCALe code repository branch of the SCALe auditing framework.
In CERT research projects, we typically don’t publish a report, and we don’t use the same rules for determining which alerts to audit or which determination options to use as those in SCALe code conformance testing (e.g., those described in these reports):
- Improving the Automated Detection and Analysis of Secure Coding Violations
- Source Code Analysis Laboratory (SCALe)
When using the SCALe research prototype, we don’t audit bucketing or the random choice of alerts, nor do we mark other alerts as ‘suspicious’ once a true alert is determined. We use different sets of determinations, in multiple ways, in the prototype than we use in the auditing framework or as part of code conformance testing.
SCALe Code Conformance Testing
We provide SCALe code conformance testing to those who request the service to evaluate their source code for its adherence to secure coding standards. The testing typically results in a report and sometimes the tested organization earns a CERT SCALe Seal and certificates (if the code is judged to be conforming).
The Recommended Resources on the right provide more detailed information about SCALe. However, be aware that the methods used for SCALe code conformance testing may have changed since these resources were published. For example, only one report mentions the intention of using dynamic analysis in SCALe conformance testing and others discuss a rigorous bucketing process that is not used in SCALe conformance testing. Please contact the Secure Coding group if you have questions about the method currently used.
The SCALe auditing framework, research prototype, and conformance testing use multiple commercial, open-source, and experimental analysis tools to analyze codebases for potential flaws to ensure that they detect more code defects than any single static analysis tool could.
Please understand that most of the resources published about SCALe focus on SCALe code conformance testing and do not mention the SCALe auditing framework or SCALe research prototype.