Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library

Javascript is currently disabled for your browser. For an optimal search experience, please enable javascript.

Advanced Search

Basic Search

Content Type


Publication Date

Collection - Related Assets

SCALe Collection

  • The CERT Division's Source Code Analysis Laboratory (SCALe) offers conformance testing of C and Java language software systems against the CERT C Secure Coding Standard and the CERT Oracle Secure Coding Standard for Java.
  • Secure Coding
  • Publisher: Software Engineering Institute
  • Coding errors cause the majority of software vulnerabilities. For example, 64 percent of the nearly 2,500 vulnerabilities in the National Vulnerability Database in 2004 were caused by programming errors.

    The use of secure coding standards defines a proscriptive set of rules and recommendations by which the source code can be evaluated for compliance. For each secure coding standard, the source code is certified as provably nonconforming, conforming, or provably conforming against each guideline in the standard.

    Provably Nonconforming. The code is provably nonconforming if one or more violations of a rule are discovered for which no deviation has been allowed.

    Conforming. The code is conforming if no violations of a rule can be identified.

    Provably Conforming. The code is provably conforming if the code has been verified to adhere to the rule in all possible cases.

    Evaluation violations of a particular rule ends when a "provably nonconforming" violation is discovered. Most SCALe analysis is performed by static analyzers. In general, determining conformance to coding rules is computationally undecidable. It may be impossible for any tool to determine statically whether a given rule is satisfied in specific circumstances.

    The SCALe Conformance Process

    Source Code Analysis Laboratory (SCALe) consists of commercial, open source, and experimental analysis that is used to analyze various code bases, including those from the DoD, energy delivery systems, medical devices, and more. SCALe provides value to the customer, but it also aids research into the effectiveness of coding rules and analysis.

    The SCALe process consists of the following steps:

    1. Customer submits source code to CERT for analysis.
    2. Source is analyzed in SCALe using various analyzers.
    3. Results are analyzed, validated, and summarized.
    4. Detailed report of findings is provided to guide repairs.
    5. The developer addresses violations and resubmits repaired code.
    6. The code is reassessed to ensure all violations have been properly mitigated.
    7. The certification for the product version is published in a registry of certified systems.

    A goal of conformance testing is to provide an incentive for industry to invest in developing conforming systems by performing conformance testing against CERT secure coding standards, verifying that a software system conforms with a CERT secure coding standard, using the CERT seal when marketing products, and maintaining a certificate registry with the certificates of conforming systems.

    The CERT SCALe Seal

    Developers of software that are determined by the CERT Division to conform to a secure coding standard may use the CERT SCALe seal to describe the conforming software on the developer's website.

    The seal must be specifically tied to the software passing conformance testing and not applied to untested products, the company, or the organization. Use of the CERT SCALe seal is contingent upon the organization entering into a service agreement with Carnegie Mellon University and upon the software being designated by the CERT Division as conforming.

    Except for patches that meet the following criteria, any modification of software after it is designated as conforming voids the conformance designation. Until such software is retested and determined to be conforming, the new software cannot be associated with the CERT SCALe seal.

    Patches that meet all three of the following criteria do not void the conformance designation:

    • The patch is necessary to fix a vulnerability in the code or is necessary for the maintenance of the software.
    • The patch does not introduce new features or functionality.
    • The patch does not introduce a violation of any of the rules in the secure coding standard to which the software has been determined to conform.

    CERT SCALe Certificates

    CERT SCALe certificates contain the name and version of the software system that passed the conformance test and the results of the test. The process is similar to that followed by The Open Group (see

    Initially, all assessments are performed by the CERT Division. In the future, third parties may be accredited to perform certifications.


  • SCALe Analysis of JasPer Codebase April 2015 Author(s): David Svoboda In this paper, David Svoboda provides the findings of a SCALe audit on a codebase.
  • Improving the Automated Detection and Analysis of Secure Coding Violations June 2014 Author(s): Daniel Plakosh, Robert C. Seacord, Robert W. Stoddard, David Svoboda, David Zubrow This technical note describes the accuracy analysis of the Source Code Analysis Laboratory (SCALe) tools and the characteristics of flagged coding violations.
  • Source Code Analysis Laboratory (SCALe) April 2012 Author(s): Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch In this report, the authors describe the CERT Program's Source Code Analysis Laboratory (SCALe), a conformance test against secure coding standards.
  • Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems December 2010 Author(s): Robert C. Seacord, Will Dormann, James McCurley, Philip Miller, Robert W. Stoddard, David Svoboda, Jefferson Welch In this report, the authors describe the Source Code Analysis Laboratory (SCALe), which tests software for conformance to CERT secure coding standards.
  • Source Code Analysis Laboratory (SCALe) November 2012 Author(s): Robert C. Seacord In this webinar, Robert Seacord discusses SCALe, a demonstration that software systems can be tested for conformance to secure coding standards.
  • Supporting the Use of CERT Secure Coding Standards in DoD Acquisitions July 2012 Author(s): Timothy Morrow, Robert C. Seacord, John K. Bergey, Philip Miller In this report, the authors provide guidance for helping DoD acquisition programs address software security in acquisitions.
  • Secure Coding - Avoiding Future Security Incidents April 2013 Author(s): Robert C. Seacord In this 2013 webinar, Robert Seacord discusses secure coding as part of preventing security incidents.