Source Code Analysis Laboratory (SCALe) for Energy Delivery Systems

Abstract: The Source Code Analysis Laboratory (SCALe) is an operational capability that tests software applications for conformance to one of the CERT® secure coding standards. CERT secure coding standards provide a detailed enumeration of coding errors that have resulted in vulnerabilities for commonly used software development languages. The SCALe team at CERT, a program of Carnegie Mellon University's Software Engineering Institute, analyzes a developer's source code and provides a detailed report of findings to guide the code's repair. After the developer has addressed these findings and the SCALe team determines that the product version conforms to the standard, CERT issues the developer a certificate and lists the system in a registry of conforming systems. This report details the SCALe process and provides an analysis of energy delivery systems. Though SCALe can be used in various capacities, it is particularly significant for conformance testing of energy delivery systems because of their critical importance.
