Secure Coding Tools
CERT researchers develop tools that help software developers reduce the number of vulnerabilities in their code. Our tools listed below are available for free download by the public.
Clang Thread Safety Analysis is a tool, collaboratively developed by the CERT Secure Coding Initiative and Google, that uses annotations to declare and enforce thread safety policies in C and C++ programs.
The Compiler-Enforced Buffer Overflow Elimination tool is a research prototype that prevents buffer overflows in multithreaded code and has additional features not found in other memory safety mechanisms.
DidFail uses static analysis to detect potential leaks of sensitive information within a set of Android apps.
The CERT Division's Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding Standard. Rosecheckers finds some C coding errors that other static analysis tools do not.
The Secure Coding Validation Suite is a set of tests developed by CERT to validate the rules defined in ISO/IEC TS 17961. These tests are based on the examples in this technical specification and are distributed with a BSD-style license.
The as-if infinitely ranged (AIR) integer model provides a mostly automated mechanism for eliminating integer overflow, truncation, and other integer-related exception-creating conditions. The runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.