US security specialist Veracode analyzed more than two trillion lines of code for its State of Software Security Report. It found that over 85% of all investigated applications have at least one vulnerability. Some of these vulnerabilities have been recurring for years and frequently concern cryptography. This is where the Fraunhofer Institute for Mechatronic Systems Design (IEM) comes in with CogniCrypt. The static code analysis tool quickly and reliably identifies and rectifies security-critical misuse of cryptographic libraries, and it automatically generates secure crypto integration code for a range of common usage scenarios. It is available as a plug-in for the Eclipse development environment.
Fraunhofer IEM and achelos GmbH have now further developed the tool in a transfer project of the it's OWL technology network. CogniCrypt has been extended with new rules that detect erroneous implementations built on other libraries (Bouncy Castle) and so prevent vulnerabilities at an early stage. The rules were written in compliance with the BSI Technical Guideline TR-02102-1.
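To make concrete what "security-critical misuse of cryptographic libraries" looks like, here is a small line-based checker written for this article. It is an added example, not CogniCrypt's own rule set or code, and it does not reproduce the TR-02102-1 rules developed in the project: the rule identifiers, the regular expressions, the 2048-bit RSA threshold and the Java fragment it scans are all constructed assumptions for illustration. It flags the classic Java JCA mistakes a crypto-misuse analyzer reports (cipher requested without a mode, legacy algorithms, constant IV, hard-coded key, too-short RSA modulus).

```python
import re
from typing import List, NamedTuple

# Example checker added to illustrate crypto-API misuse detection. Rule ids,
# patterns and thresholds are this example's own assumptions, not CogniCrypt's.

MIN_RSA_BITS = 2048  # assumed minimum for this checker; not a figure taken from TR-02102-1


class Finding(NamedTuple):
    line: int
    rule: str
    text: str


# Line-local pattern rules: (rule id, regex, explanation)
PATTERN_RULES = [
    ("ECB_MODE",
     re.compile(r'Cipher\.getInstance\(\s*"AES(?:"|/ECB/)'),
     "AES requested without a mode (SunJCE then defaults to ECB) or with ECB explicitly"),
    ("WEAK_CIPHER",
     re.compile(r'Cipher\.getInstance\(\s*"(?:DES|DESede|RC4|ARCFOUR|Blowfish)\b'),
     "legacy block or stream cipher"),
    ("WEAK_HASH",
     re.compile(r'MessageDigest\.getInstance\(\s*"(?:MD2|MD5|SHA-?1)"'),
     "hash function no longer considered collision resistant"),
    ("CONSTANT_IV",
     re.compile(r'new\s+IvParameterSpec\(\s*(?:new\s+byte\s*\[|"[^"]*"\.getBytes)'),
     "IV built from a literal instead of a fresh SecureRandom value"),
    ("HARDCODED_KEY",
     re.compile(r'new\s+SecretKeySpec\(\s*(?:new\s+byte\s*\[|"[^"]*"\.getBytes)'),
     "key material embedded in the source"),
]

RSA_KPG = re.compile(r'KeyPairGenerator\.getInstance\(\s*"RSA"')
INITIALIZE = re.compile(r"\.initialize\(\s*(\d+)\s*\)")


def scan(java_source: str) -> List[Finding]:
    """Scan Java source text line by line and return every rule hit."""
    findings: List[Finding] = []
    # Crude stand-in for the data-flow tracking a real analyzer performs:
    # remember whether an RSA KeyPairGenerator was requested earlier.
    rsa_generator_seen = False
    for number, raw in enumerate(java_source.splitlines(), start=1):
        code = re.sub(r"//.*", "", raw).strip()  # drop trailing line comments
        if not code:
            continue
        for rule_id, pattern, _ in PATTERN_RULES:
            if pattern.search(code):
                findings.append(Finding(number, rule_id, code))
        if RSA_KPG.search(code):
            rsa_generator_seen = True
        m = INITIALIZE.search(code)
        if m and rsa_generator_seen and int(m.group(1)) < MIN_RSA_BITS:
            findings.append(Finding(number, "SHORT_RSA_KEY", code))
    return findings


def report(java_source: str) -> str:
    """Human-readable listing of the findings, one block per hit."""
    explanations = {rule_id: why for rule_id, _, why in PATTERN_RULES}
    explanations["SHORT_RSA_KEY"] = f"RSA modulus below {MIN_RSA_BITS} bits"
    return "\n".join(
        f"line {f.line}: {f.rule}: {explanations[f.rule]}\n    {f.text}"
        for f in scan(java_source)
    )


# Constructed Java fragment used as input; not code from any real project.
SAMPLE_JAVA = "\n".join([
    'Cipher c1 = Cipher.getInstance("AES");',                       # 1: no mode given
    'Cipher c2 = Cipher.getInstance("DES/CBC/PKCS5Padding");',      # 2: legacy cipher
    'IvParameterSpec iv = new IvParameterSpec(new byte[16]);',      # 3: constant IV
    'MessageDigest md = MessageDigest.getInstance("MD5");',         # 4: broken hash
    'KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");',  # 5: fine on its own
    'kpg.initialize(1024);',                                        # 6: short RSA key
    'Cipher c3 = Cipher.getInstance("AES/GCM/NoPadding");',         # 7: not flagged
])

if __name__ == "__main__":
    print(report(SAMPLE_JAVA))
```

Running the script prints one finding each for lines 1, 2, 3, 4 and 6 of the fragment and nothing for the RSA lookup on line 5 or the AES-GCM cipher on line 7. A regex over single lines is only a teaching device: it cannot see that an IV assembled three methods away is constant, or that a key size comes from a configuration file, which is exactly the gap a whole-program static analysis such as the one described above closes.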