HANNOVER MESSE 2020, 20 - 24 April

CogniCrypt detects vulnerabilities even better

In the “it’s OWL” transfer project, Fraunhofer IEM and achelos GmbH worked together on the further development of CogniCrypt, a static code analysis tool. The results have been incorporated into the open source product.

02 Aug. 2019
Photo: Fraunhofer IEM

US security specialist Veracode analyzed more than two trillion lines of code for the State of Software Security Report. They found that over 85% of all investigated applications have at least one vulnerability. Some of these have been occurring for years and frequently affect cryptography. This is where the Fraunhofer Institute for Mechatronic Systems Design (IEM) comes in with CogniCrypt. The static code analysis tool quickly and reliably identifies and rectifies security-critical misuse of cryptographic libraries while automatically generating secure crypto integration code for various common usage scenarios. As a plug-in, it can be integrated into the Eclipse development environment.

Fraunhofer IEM and achelos GmbH have now further developed the tool in a transfer project of the “it’s OWL” technology network. CogniCrypt has been enhanced with new rules that detect erroneous implementations by other libraries (Bouncy Castle) and prevent vulnerabilities at an early stage. The rules were written in compliance with the BSI’s technical guideline 02102-1.
