Press Release

PRQA Gears Towards “Securely Connecting the Embedded World”


Announces Product Updates and Involvement in the Development of new Software Engineering Tools, Techniques and Methodologies for Multi-threading and Parallelism.

Nuremberg, Germany, 14th March 2017 – PRQA, the leader in the provision of automated static analysis solutions for embedded application development, today announced updates to the QA·C and QA·C++ static analyzers to provide improved security testing for the C and C++ languages.

“The National Institute of Standards and Technology (NIST) estimates that as many as 64% of software vulnerabilities stem from programming errors and not a lack of security features,” said Richard Walker, Sales and Marketing Director of PRQA. “Our strength lies in addressing these errors. But these updates are just one part of our commitment to improved security. We are also active in working co-operatively to meet future demands.”

New CERT compliance and CWE compatibility modules

The QA·C and QA·C++ static analyzers complement MISRA compliance with CERT C and CERT C++ compliance, as well as compatibility with CWE (Common Weakness Enumeration) C and CWE C++. Compliance and compatibility enforcement can be applied to both new and legacy source code, increasing code reusability and decreasing time to market.

Robert Seacord, founder of the Secure Coding Institute, commented: “PRQA’s QA·C analyzer is effective at discovering violations of The CERT® C Coding Standard that were not discovered through 20 years of testing or by other static analysis tools”. And he continues, “Overall, the QA·C analyzer is an effective tool for eliminating secure coding flaws that can easily lead to software vulnerabilities.”

RePhrase Project – Developing new methodologies, techniques and tools for Multi-threading and Parallelism

PRQA is one of the members of the RePhrase (Refactoring Parallel Heterogeneous Resource-Aware Applications) project, an EU Horizon 2020 research project aiming to produce a complete flow of software engineering methodology, techniques and tools for developing data-intensive applications in C++, targeting heterogeneous multicore/manycore systems that combine CPUs and GPUs into a coherent parallel platform. One of the tasks is to create a safe and secure subset of the C++ language based on best practice for multi-threading and parallelism.

This is now in draft and PRQA is seeking technical reviewers before it is officially published in summer 2017. Evgueni Kolossov, R&D Director at PRQA, is leading the project and is available at the show to talk in more detail about the RePhrase project.

embedded world 2017

The embedded world 2017 Conference has the theme Securely Connecting the Embedded World. PRQA is echoing this theme, with an approach which advocates that if you wish to securely connect the embedded world, you will need to consider the following:

  1. Quality isn’t equal to security: you cannot rely on high-quality code alone, and addressing software security requires a combination of people, process and technology
  2. You need to detect and correct defects early in the development lifecycle to avoid high costs and delays
  3. You need to ensure your source code is reliable, safe and secure

 
Media Contacts

PRQA | PROGRAMMING RESEARCH
Fran Buchmann
Email: fran_buchmann@prqa.com
Tel: +44 1932 888 080

Napier Partnership Limited
Suzy Kenyon, PR Agent for Programming Research
Email: suzy@napier.co.uk
Tel: +44 1243 531 123