Source Code Analysis Laboratory (SCALe) for Energy ... - CERT

More documents

Recommendations

Info

3.5 Transition Transition of SCALe to practice will follow the SEI’s transition strategy to grow the concept through engagement with external organizations or SEI partners via a series of deliberate steps. The proof-of-concept phase will occur with a piloting program of SCALe that engages a small number of clients. During this phase, CERT will test and refine processes, procedures, systems, and outputs. After the pilot phase, CERT will engage a small number of additional organizations that will be licensed to sponsor SCALe laboratories within themselves. Each organization will be licensed to perform the assessment, issue the conformance assessment report, report results to CERT, and be subject to annual quality audits of all processes, procedures, hardware, and software. 3.6 Conformance Test Results As of the publication of this report, CERT has completed the analysis of one energy delivery system and begun analyzing a second. 3.6.1 Energy Delivery System A Table 6 shows the flagged nonconformities reported from analysis of the first energy delivery system. The analysis was performed using four static analysis tools supplemented by manual code inspection. Dynamic analysis was not used. CMU/SEI-2010-TR-021 | 32
Table 6: Flagged Nonconformities, Energy Delivery System A Manual Analyzer A Analyzer B Analyzer C Analyzer D Total DCL31-C 0 705 705 DCL32-C 0 119 1 120 DCL35-C 0 51 51 DCL36-C 0 19 19 EXP30-C 0 3 3 EXP34-C 0 54 4 58 EXP36-C 0 24 6 30 EXP37-C 0 49 49 INT31-C 1 4 3,588 3,593 INT35-C 6 0 6 FLP34-C 0 9 9 FLP36-C 0 1 1 ARR30-C 4 2 1 7 STR31-C 3 3 STR36-C 0 6 6 STR37-C 0 1 1 STR38-C 7 7 MEM34-C 0 2 2 FIO30-C 0 12 12 ENV30-C 0 3 3 SIG30-C 1 0 1 CON33-C 1 0 1 MSC31-C 0 1 1 MSC34-C 0 587 587 Total 2 11 16 5,228 18 5,275 The first column marked “Manual” shows violations that were discovered through manual code inspection, while the four columns marked “Analyzer A,” “Analyzer B,” “Analyzer C,” and “Analyzer D” show the number of flagged nonconformities detected by each of the four analysis tools used in this analysis. Table 7 shows the results of analysis of the flagged nonconformities by the SCALe analysts and SCALe lead assessor combined. CMU/SEI-2010-TR-021 | 33
Page 1 and 2: Source Code Analysis Laboratory (SC
Page 3 and 4: Table of Contents Acknowledgments v
Page 5 and 6: List of Figures Figure 1: SCALe Pro
Page 7 and 8: List of Tables Table 1: True Positi
Page 9 and 10: Acknowledgments We would like to ac
Page 11 and 12: Abstract The Source Code Analysis L
Page 13 and 14: 1 Introduction A key mission of the
Page 15 and 16: 1. Client contacts CERT. The prooce
Page 17 and 18: • The CERT C++ Secure Coding Stan
Page 19 and 20: • A floating-point value with all
Page 21 and 22: 2 Conformance Testing This section
Page 23 and 24: Figure 4: SCALe Conformance Tesstin
Page 25 and 26: • De-duplication of crashing test
Page 27 and 28: Handbook of Applied Acceptance Samp
Page 29 and 30: 2.6 Tracking Diagnostics Across Cod
Page 31 and 32: _Pragma(push: tool_a_maybe_foo, dis
Page 33 and 34: processes. A system of review will
Page 35 and 36: diagnostic codes mapped to a repres
Page 37 and 38: ID Rule Group AA AC 1 AC 2 AC 3 AC
Page 39 and 40: lack of confidence with C++. Howeve
Page 41 and 42: 3.1.1 Impartiality CERT resides wit
Page 43: 4. CERT will evaluate any deviation
Page 47 and 48: Table 8: Flagged Nonconformities, E
Page 49 and 50: 4 Related Efforts This section desc
Page 51 and 52: 5 Future Work and Summary 5.1 Futur
Page 53 and 54: Bibliography URLs are valid as of t
Page 55 and 56: [MISRA 2004] Motor Industry Softwar
Page 57: REPORT DOCUMENTATION PAGE Form Appr

Source Code Analysis Laboratory (SCALe) for Energy ... - CERT

Create successful ePaper yourself

Delete template?

Save as template?