Addressing Security Vulnerabilities in Embedded Applications Using Best Practice Software Development Processes and Standards

Every day we read about cyber attacks perpetrated against individuals, corporations, or governments. In fact, attacks against embedded systems could lead to wide-scale damage to critical infrastructure, including power generation, oil and gas refining, telecommunications, transportation, and water and waste control systems. With today’s increasingly large and complex code bases, software developers cannot rely on manual inspection and code review alone. Automated static analysis enables organizations to cut costs and speed development by enforcing coding standards, streamlining code reviews, and improving overall system security before a product is released. This white paper offers an introduction to applying CWE coding guidelines and achieving CERT security compliance using static analysis tool.