August 2013

As one of the oldest “modern” programming languages, C++ is a relatively mature language and as such there are plenty of tools available for C++ static code analysis. In many cases the choice of which tool you use will be … Read More

C# is a well-established development language and as such there are many options for Csharp static code analysis. When you ask developers what they’re looking for in static code analysis, it almost always comes down to the quality of the … Read More

Bamboo is a continuous integration server from Atlassian. Its purpose is to provide developers with an environment which quickly compiles code for testing so that release cycles can be quickly implemented in production, while giving full traceability from the feature … Read More

What is CVE? CVE, which stands for Common Vulnerabilities and Exposures, is an encyclopedia of  unique, publicly known security vulnerabilities and exposures maintained by the MITRE Corporation. The database, which was launched in 1999, is free and available for public … Read More

The Common Weakness Enumeration Specification, shortened as CWE, is an formal list of common, real-world software vulnerabilities to offer one common language to all the different entities developing and securing software. CWE’s ultimate goal is to help the security testing industry … Read More

CERT is a non-profit program that was developed by the Carnegie Mellon University in their Software Engineering Institute. It focuses on the practices associated with online application security and vulnerability identification with the goal of helping to improve the security … Read More

The Software Assurance Metrics and Tool Evaluation (SAMATE) is a project developed by the National Institute of Standards and Technology to allow for better methods to be developed and deployed for software assurance. The project has specific goals to develop … Read More