Clang Thread Safety Analysis is a tool, collaboratively developed by the CERT Secure Coding Initiative and Google, that uses annotations to declare and enforce thread safety policies in C and C++ programs.
The Compiler-Enforced Buffer Overflow Elimination tool is a research prototype that prevents buffer overflows in multithreaded code and has additional features not found in other memory safety mechanisms.
The CERT Division's Rosecheckers tool performs static analysis on C/C++ source files. It is designed to enforce the rules in the CERT C Coding standard. Rosecheckers finds some C coding errors that other static analysis tools do not.
The Secure Coding Validation Suite is a set of tests developed by CERT to validate the rules defined in ISO/IEC TS 17961. These tests are based on the examples in this technical specification and are distributed with a BSD-style license.
The as-if infinitely ranged (AIR) integer model provides a mostly-automated mechanism for eliminating integer overflow, truncation, and other integer-related exception-creating conditions. The runtime overhead of the AIR integer model is low enough for typical applications to enable it in deployed systems for additional runtime protection.
Ask Us for Help
Contact us for more information and advice about using these tools.
The Vulnerability Analysis team helps engineers reduce security risks posed by software vulnerabilities. The team addresses vulnerabilities in software being developed as well as in software already deployed.