Coding errors cause the majority of software vulnerabilities. For example, 64 percent of the nearly 2,500 vulnerabilities in the National Vulnerability Database in 2004 were caused by programming errors.
The use of secure coding standards defines a proscriptive set of rules and recommendations by which the source code can be evaluated for compliance. For each secure coding standard, the source code is certified as provably nonconforming, conforming, or provably conforming against each guideline in the standard.
Provably Nonconforming. The code is provably nonconforming if one or more violations of a rule are discovered for which no deviation has been allowed.
Conforming. The code is conforming if no violations of a rule can be identified.
Provably Conforming. The code is provably conforming if the code has been verified to adhere to the rule in all possible cases.
Evaluation violations of a particular rule ends when a "provably nonconforming" violation is discovered. Most SCALe analysis is performed by static analyzers. In general, determining conformance to coding rules is computationally undecidable. It may be impossible for any tool to determine statically whether a given rule is satisfied in specific circumstances.
The SCALe Conformance Process
Source Code Analysis Laboratory (SCALe) consists of commercial, open source, and experimental analysis that is used to analyze various code bases, including those from the DoD, energy delivery systems, medical devices, and more. SCALe provides value to the customer, but it also aids research into the effectiveness of coding rules and analysis.
The SCALe process consists of the following steps:
A goal of conformance testing is to provide an incentive for industry to invest in developing conforming systems by performing conformance testing against CERT secure coding standards, verifying that a software system conforms with a CERT secure coding standard, using the CERT seal when marketing products, and maintaining a certificate registry with the certificates of conforming systems.
The CERT SCALe Seal
Developers of software that are determined by the CERT Division to conform to a secure coding standard may use the CERT SCALe seal to describe the conforming software on the developer's website.
The seal must be specifically tied to the software passing conformance testing and not applied to untested products, the company, or the organization. Use of the CERT SCALe seal is contingent upon the organization entering into a service agreement with Carnegie Mellon University and upon the software being designated by the CERT Division as conforming.
Except for patches that meet the following criteria, any modification of software after it is designated as conforming voids the conformance designation. Until such software is retested and determined to be conforming, the new software cannot be associated with the CERT SCALe seal.
Patches that meet all three of the following criteria do not void the conformance designation:
CERT SCALe Certificates
CERT SCALe certificates contain the name and version of the software system that passed the conformance test and the results of the test. The process is similar to that followed by The Open Group (see http://www.opengroup.org/collaboration-services/certification.html).
Initially, all assessments are performed by the CERT Division. In the future, third parties may be accredited to perform certifications.