CogniCrypt detects vulnerabilities even better
In the “it’s OWL” transfer project, Fraunhofer IEM and achelos GmbH worked together on the further development of CogniCrypt, a static code analysis tool. The results have been incorporated into the open source product.
02 Aug. 2019, Barbara Rusch
US security specialist Veracode analyzed more than two trillion lines of code for the State of Software Security Report. They found that over 85% of all investigated applications have at least one vulnerability. Some of these have been occurring for years and frequently affect cryptography. This is where the Fraunhofer Institute for Mechatronic Systems Design (IEM) comes in with CogniCrypt. The static code analysis tool quickly and reliably identifies and rectifies security-critical misuse of cryptographic libraries while automatically generating secure crypto integration code for various common usage scenarios. As a plug-in, it can be integrated into the Eclipse development environment.
Fraunhofer IEM and achelos GmbH have now further developed the tool in a transfer project of the it’s OWL technology network. CogniCrypt has been enhanced with new rules that detect erroneous implementations by other libraries (Bouncy Castle) and prevent vulnerabilities at an early stage. The rules were written in compliance with the BSI’s technical guideline 02102-1.