Criteria for Selecting the Right Assurance Tools for Your Project

...

Introduction:

When it comes to software assurance, choosing the right tools can make all the difference. In this article, we’ll share the key criteria to consider when selecting assurance tools, based on the “CEST Assurance Study.” By understanding these criteria, you can make a more informed decision and ensure that your assurance tools will be effective in addressing your project’s specific needs.

Criteria

  1. Focus on Specific Test Cases: The CEST Assurance Study outlined a list of recommended test cases for software assurance in the telco and automotive industries. By focusing on these specific test cases, you can ensure that your chosen tools will effectively address the most critical areas of your software.
  2. Define Selection Criteria: To find the right tools, establish a set of criteria to guide your selection process. The CEST Assurance Study followed a three-step approach:
    1. Identify the Right Tool Types for each test case, such as:
      • Static source code analysis tools
      • Binary code scanners
      • Software Component Analysis (SCA) tools for binaries
    2. Find a selection through literature study
    3. Limit selection through hands-on examination
  3. Use Open Source: Open source tools often provide cost-effective and widely supported solutions. When possible, prioritize open source options for your assurance needs. For the CEST prototype, open source is used as a means to increase trust in the platform and the resulting reports.
  4. Consider Programming Languages: Ensure that the tools you select can work with the programming languages used in your project, for example C/C++ source code and binaries.
  5. Choose Widely Used and State-of-the-Art Tools: Select tools that are widely used and considered state-of-the-art, as these tools are more likely to have been tested and refined through real-world use.
  6. Evaluate Tools Based on Specific Criteria: Look for tools that analyze code based on different criteria, such as pattern matching and compliance with standards like SEI CERT and MISRA. This will help ensure that your chosen tools provide a comprehensive assessment of your software.

Conclusion:

Selecting the right assurance tools is essential for the success of your project. By using these criteria to guide your selection process, you can ensure that your chosen tools will effectively address the specific needs of your software and help you maintain the highest level of quality and security.