cwe

PVS-Studio 6.24 released

A new release of the PVS-Studio static code analyzer became available to download. This tool is designed to detect errors and potential vulnerabilities in the source code of programs, written in C, C++, and C#.

PVS-Studio 6.24 released

by Andrey Karpov

From the article:

Support for Texas Instruments Code Composer Studio, ARM compiler was added under Windows\Linux. 8 new diagnostics were introduced to detect errors in C and C++ code. In addition to the development of new diagnostics, we continue improving Data-Flow analysis that enables old diagnostics find more bugs. Thanks to these improvements, the analyzer finds more interesting errors, like the one we described in the article "February 31". Download and try PVS-Studio.

PVS-Studio 6.21 release: support for CWE (Common Weakness Enumeration) was added

PVS-Studio is a tool for bug detection in the source code of programs, written in C, C++, and C#. It works in Windows and Linux environment.

PVS-Studio 6.21 Release

by PVS-Studio Team

What's new:

  • Support for CWE (Common Weakness Enumeration) was added to C/C++/C# analyzers.
  • HTML log with source code navigation can now be saved from Visual Studio plug-ins and the Standalone tool.
  • WDK (Windows Driver Kit) projects for Visual Studio 2017 are now supported.
  • PVS-Studio plug-in for SonarQube was updated for the latest LTS version 6.7.
  • V1007. The value from the uninitialized optional is used. Probably it is a mistake.

PVS-Studio: searching software weaknesses

As we check Apache HTTP Server, we see bugs crawling everywhere across the code. But wait! These are not just bugs, but security weaknesses!

PVS-Studio: searching software weaknesses

by Andrey Karpov, Phillip Khandeliants

From the article:

PVS-Studio has always been able to detect a large number of various security defects (potential vulnerabilities) in the program code. However, historically, we positioned PVS-Studio as a tool to search for errors. We see a trend in the software development to look for vulnerabilities in the code, although it is just the same. It seems to us that it is high time to do the rebranding of our static analyzer PVS-Studio. We will start with Common Weakness Enumeration (CWE). This article provides a table that shows matches of PVS-Studio diagnostic warnings of with the classifier. The table will be gradually updated and changed, but we can already use the table to write articles about security defects detected in projects. We suppose it would attract more attention of the software security specialists.