CERT

SCALe

SCALe provides an operational capability for application conformance testing to satisfy the demand for source code assessments for government and industry. CERT uses SCALe to assess client source code against one or more secure coding standards, following the process shown below. The customer receives a detailed report of the findings so that the developers can address them. Once the findings have been addressed, SCALe issues and certifies the conformance test results.

Conformance Testing Process

For each rule, recommendation, and guideline, the source code is certified as provably nonconforming, deviating, conforming, or provably conforming:

  • The code is provably nonconforming if one or more violations of a rule are discovered for which no deviation has been specified.
  • Deviating code is code for which the application developer has a documented deviation. This documentation is included with the certification.
  • The code is conforming if no violations of a rule could be identified.
  • Finally, the code is provably conforming if the code has been verified to adhere to the rule in all possible cases.

Once the process is completed, a report detailing the conformance or nonconformance for each secure coding rule, recommendation, or guideline is provided to the customer.
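The four-way classification above hinges on two distinctions that are easy to get wrong in a report: a finding is only "deviating" if a documented deviation exists for that specific finding, and "conforming" (no findings) is weaker than "provably conforming" (adherence verified in all possible cases). The following is an added example, not CERT's or SCALe's own code, that models the per-rule decision and the report it feeds; the rule IDs, findings, deviation records and the `proven_rules` set are constructed sample input.

```python
from dataclasses import dataclass
from enum import Enum


class Conformance(Enum):
    PROVABLY_NONCONFORMING = "provably nonconforming"
    DEVIATING = "deviating"
    CONFORMING = "conforming"
    PROVABLY_CONFORMING = "provably conforming"


@dataclass(frozen=True)
class Violation:
    """One analyzer finding against a rule at a source location."""
    rule: str
    path: str
    line: int


@dataclass(frozen=True)
class Deviation:
    """A developer-documented deviation for one finding; the rationale is
    reproduced in the certification report."""
    rule: str
    path: str
    line: int
    rationale: str


@dataclass
class RuleResult:
    rule: str
    status: Conformance
    violations: tuple
    deviations: tuple


def classify_rule(rule, violations, deviations, proven_rules):
    """Apply the four-way classification to a single rule.

    proven_rules: rules for which adherence has been verified in all
    possible cases (e.g. by a sound analysis), as opposed to rules that
    merely produced no findings.
    """
    rule_viols = tuple(v for v in violations if v.rule == rule)
    # A deviation only covers a finding at the same rule and location.
    by_loc = {(d.path, d.line): d for d in deviations if d.rule == rule}
    uncovered = [v for v in rule_viols if (v.path, v.line) not in by_loc]
    applied = tuple(by_loc[(v.path, v.line)] for v in rule_viols
                    if (v.path, v.line) in by_loc)

    if uncovered:
        # At least one violation has no documented deviation.
        status = Conformance.PROVABLY_NONCONFORMING
    elif rule_viols:
        # Every violation is covered by a documented deviation.
        status = Conformance.DEVIATING
    elif rule in proven_rules:
        status = Conformance.PROVABLY_CONFORMING
    else:
        # No findings, but absence of findings is not a proof of adherence.
        status = Conformance.CONFORMING
    return RuleResult(rule, status, rule_viols, applied)


def build_report(rules, violations, deviations, proven_rules=frozenset()):
    """Per-rule conformance table for the customer report."""
    return {r: classify_rule(r, violations, deviations, proven_rules) for r in rules}


# Constructed sample data (hypothetical findings, not a real assessment):
# four rule IDs, three findings, one documented deviation, one proven rule.
SAMPLE_RULES = ("EXP34-C", "INT30-C", "STR31-C", "DCL30-C")
SAMPLE_VIOLATIONS = (
    Violation("EXP34-C", "src/net.c", 120),
    Violation("EXP34-C", "src/net.c", 187),
    Violation("INT30-C", "src/len.c", 42),
)
SAMPLE_DEVIATIONS = (
    Deviation("INT30-C", "src/len.c", 42,
              "Wraparound is intended; the value is a modular counter."),
)
SAMPLE_PROVEN = frozenset({"DCL30-C"})


def sample_report():
    return build_report(SAMPLE_RULES, SAMPLE_VIOLATIONS, SAMPLE_DEVIATIONS, SAMPLE_PROVEN)


if __name__ == "__main__":
    for rule, result in sample_report().items():
        print(f"{rule}: {result.status.value} "
              f"({len(result.violations)} finding(s), {len(result.deviations)} deviation(s))")
        for d in result.deviations:
            print(f"    deviation at {d.path}:{d.line}: {d.rationale}")
```

Run as a script, the sample yields EXP34-C as provably nonconforming (two findings, no deviation), INT30-C as deviating (its single finding is covered, and the rationale is carried into the report), STR31-C as conforming (no findings, nothing proven) and DCL30-C as provably conforming. The location match in `classify_rule` is deliberate: a deviation recorded for a different line of the same file does not silence an unrelated finding against the same rule.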

SCALe depends on