AdaCore’s CodePeer Officially Registered as CWE-Compatible

AdaCore recently announced that its CodePeer advanced static analysis tool for Ada has been formally designated as “CWE-Compatible” by the MITRE Corporation’s Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. This program is a web-based initiative that consolidates and organizes information about cyber-security products and services.

“It’s a great achievement to have CodePeer officially recognized as CWE compatible, which confirms that the tool can detect the most frequent types of software vulnerability,” said Arnaud Charlet, AdaCore technical director and CodePeer product manager. “CodePeer’s deep analysis of Ada code supports a wide range of uses including coding standard checking, automated code review, and exhaustive detection of certain CWE weaknesses as well as other kinds of error.”

CodePeer was recognized as CWE-Compatible based on its ability to detect the following code weaknesses, which are among the CWE’s Top 25 Most Dangerous Software Errors:

• CWE-120 (Classic Buffer Overflow)
  “The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.”
• CWE-131 (Incorrect Calculation of Buffer Size)
  “The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.”
• CWE-190 (Integer Overflow or Wraparound)
  “The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.”

A number of other CWE weaknesses are also detected by CodePeer: