A provider of advanced software analysis tools, TrustInSoft has commended an initiative by the Cybersecurity and Infrastructure Security Agency (CISA) to identify and address key security practices for enhancing the quality and safety of software products, especially those written in C and C++ across industries such as automotive, aerospace, defense, consumer electronics, and IoT.
TrustInSoft cited a document recently published by the U.S. Department of Homeland Security on product security bad practices (docket CISA-2024-0028), focusing on the particular areas pertaining to memory-unsafe languages like C and C++, and offered constructive comments to help inform ongoing cybersecurity developments.
“While memory-related vulnerabilities indeed remain a major security concern, we would like to highlight the continued relevance of C and C++,” wrote Benjamin Monate, Chief Technical Officer, TrustInSoft.
Monate elaborated, writing that, “C and C++ languages have a vast repository of well-established libraries that are extensively used across numerous industries. Many organizations rely on these libraries to deliver robust functionality, and transitioning to a new programming language would demand significant cost and effort, especially for regulated sectors requiring specific certifications and compliance.”
Monate added that modern, next-generation sound and exhaustive static analyzers such as TrustInSoft Analyzer (TISA) support CISA’s software security efforts by mathematically proving the absence of memory-related vulnerabilities in software written in C and C++.
These tools are capable of scaling to large codebases and offer comprehensive detection of undefined behaviors, including memory safety vulnerabilities. Such analyzers have matured to a level where they can be incorporated at various stages of the software development lifecycle (SDLC) and can be invaluable for the vast number of organizations that rely on C and C++.
TISA differs from other tools on the market due to its ability to provide mathematical guarantees of software safety, which goes beyond the heuristic-based detection offered by traditional static or dynamic analyzers: a heuristic tool reports the patterns it recognizes and may miss a defect, whereas a sound analyzer reasons over every input the code can receive and does not miss any undefined behavior within the analyzed scope. Recognized by the U.S. National Institute of Standards and Technology (NIST) for leveraging advanced formal methods, including abstract interpretation, TrustInSoft can mathematically guarantee that analyzed software is free of critical runtime errors and vulnerabilities. In practice, that guarantee is relative to the assumptions supplied to the analysis (input ranges, the model of the execution environment, stubs for external code), and a sound analyzer may raise alarms on paths that turn out to be unreachable; those alarms have to be reviewed and discharged rather than suppressed.
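The following C example is added here to illustrate the class of defect the paragraph above is talking about; it is not code from TrustInSoft or from the CISA document, and the frame format, function names and sample inputs are constructed for illustration. A length-prefixed frame parser of the kind found in embedded and IoT firmware trusts a length byte taken from the input. Unit tests and fuzzing with sanitizers only catch the overflow if a run happens to supply a length larger than the buffer; a sound analyzer in the sense described above considers all 256 values of that byte and every input length, so it reports the out-of-bounds write and read regardless of which test inputs exist. The hardened variant guards every access with a check that holds for all inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 16

/* A length-prefixed frame: one length byte followed by up to PAYLOAD_MAX bytes. */
struct frame {
    uint8_t len;
    uint8_t payload[PAYLOAD_MAX];
};

/* Vulnerable parser (kept deliberately broken): trusts the length byte in the input.
 * For any in[0] > PAYLOAD_MAX the memcpy writes past out->payload; for any
 * in[0] > in_len - 1 it reads past the end of the input. Both are undefined
 * behaviour. Tests built from well-formed frames never reach either case. */
int parse_frame_unchecked(const uint8_t *in, size_t in_len, struct frame *out)
{
    if (in_len < 1)
        return -1;
    out->len = in[0];
    memcpy(out->payload, in + 1, out->len);   /* no bound on out->len */
    return 0;
}

/* Hardened parser: each array access is guarded by a check that holds for
 * every possible input, so the absence of out-of-bounds access can be proven. */
int parse_frame_checked(const uint8_t *in, size_t in_len, struct frame *out)
{
    if (in == NULL || out == NULL || in_len < 1)
        return -1;
    uint8_t len = in[0];
    if (len > PAYLOAD_MAX || (size_t)len > in_len - 1)
        return -1;                            /* oversized or truncated frame */
    out->len = len;
    memcpy(out->payload, in + 1, len);
    return 0;
}

/* Constructed sample inputs (hypothetical frames, not captured traffic). */
static const uint8_t SAMPLE_GOOD[]      = { 4, 'a', 'b', 'c', 'd' };
static const uint8_t SAMPLE_OVERSIZED[] = { 200, 1, 2, 3 };   /* len > PAYLOAD_MAX */
static const uint8_t SAMPLE_TRUNCATED[] = { 8, 1, 2, 3 };     /* len > bytes present */

/* Returns the parsed payload length, or -1 if the hardened parser rejects the frame. */
int hardened_parse_len(const uint8_t *in, size_t in_len)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    if (parse_frame_checked(in, in_len, &f) != 0)
        return -1;
    return f.len;
}

/* Returns 1 if the hardened parser accepts the frame and the payload equals
 * `expected` (compared over strlen(expected) bytes), 0 otherwise. */
int hardened_parse_matches(const uint8_t *in, size_t in_len, const char *expected)
{
    struct frame f;
    memset(&f, 0, sizeof f);
    if (parse_frame_checked(in, in_len, &f) != 0)
        return 0;
    size_t n = strlen(expected);
    return f.len == n && memcmp(f.payload, expected, n) == 0;
}

int main(void)
{
    printf("good:      %d\n", hardened_parse_len(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("oversized: %d\n", hardened_parse_len(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED));
    printf("truncated: %d\n", hardened_parse_len(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The unchecked parser is never called on the malformed samples here, since doing so would execute the undefined behaviour; the point of a sound analysis is precisely that it reports the defect without anyone having to construct the triggering input first.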
In his comments, Monate went on to acknowledge that while memory-safe languages like Rust offer promising alternatives, their toolchains do not yet fully support the full range of embedded microcontrollers used across critical industries. For many organizations, C and C++ remain the most viable options, given the available and reliable toolchains compatible with diverse hardware platforms.
It was also suggested that CISA provide further clarity around the definition and scope of “product”, along the lines of the definition in the European Union’s Cyber Resilience Act, which would help organizations ensure adherence to CISA guidelines.
In view of these considerations, Monate recommended additions that could be included in the final CISA document.
Monate said, “When using memory-unsafe languages (such as C/C++) or unsafe features of a memory-safe language, it is advisable to employ sound and exhaustive static analyzers that use formal verification techniques. These tools can ensure thorough coverage and identify memory-related bugs, enhancing the security of codebases.
“A dedicated security activity should be embedded within the SDLC, leveraging state-of-the-art tools (sound static analyzer) and processes during development, testing, and maintenance phases. This aligns with the Shift Left paradigm, which advocates for early integration of security measures.
“Continuous Integration/Continuous Deployment (CI/CD) pipelines should incorporate security checks as part of automated workflows, ensuring regular and consistent assessments.”
“And for high-criticality products or sensitive libraries — based on threat models — organizations should conduct third-party security assessments before product release. Depending on product criticality, such assessments could range from detailed bug reporting by sound and exhaustive static analyzers to physical testing, such as penetration testing and security certifications by accredited security labs.”
Software developers and cybersecurity professionals can explore the benefits of TrustInSoft Analyzer by visiting TrustInSoft’s website or by scheduling a demo. They can also contact TrustInSoft to discuss details about how its tools support compliance with emerging cybersecurity frameworks like CISA’s new guidelines.