Embedded Toolbox: Towards DevSecOps with Static & Dynamic Analysis
March 04, 2021
Almost every industry is now connected, and, therefore, now susceptible to more digital risk than ever before. This risk can come in the form of malware, hackers, or even just bugs that result in the unexpected behavior of systems that are now more visible to the rest of the world.
As a result, the importance of safe and secure engineering has increased, especially for technology suppliers. As time to market pressures increase in parallel with security concerns, developers dealing with moderate or large-sized codebases must learn how to automate the software testing and QA process if they hope to deliver reliable code on any sort of schedule.
However, automation can be both a gift and a curse, especially in safety- and security critical industries where traditional development techniques have been the status quo for decades.
Tune in to this episode of Embedded Toolbox as LDRA's Jim McElroy and Jay Thomas demonstrate how industry coding standards like CERT C, MISRA C, and AUTOSAR, when combined with the appropriate tools, can simplify the process of developing safe and robust code on time, within budget, and under compliance.
Using an example of code that violates CERT-C's DCL30-C rule for declaring objects with appropriate storage solutions – a violation that is likely but can be severe with high remediation costs – Jay shows how you can quickly identify and remediate issues inside the TBvision analysis environment and cross-reference how and if a violation in one standard correlates to possible violations in other standards used in the same project, and fix those as well.
He then moves on to reveal how automated unit testing allows him to conduct fuzz testing on the fly.
Is DevSecOps is on your horizon? Here are some tools and methodologies to get there. Tune in.