cwe top 25

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

We are actively developing the PVS-Studio static analysis tool towards detecting Safety and Security-related errors. To be more precise, we've expanded the coverage of the MISRA C:2012 and OWASP ASVS standards. We have supported the MISRA Compliance 2020 standard. One of the more extraordinary innovations is the Best Warnings display mode.

PVS-Studio 7.15: MISRA, CWE, OWASP, Unreal Engine

by Andrey Karpov

From the article:

We have introduced a new feature for the PVS-Studio plugin for Visual Studio. Now you can display the Best Warnings the analyzer issued for a project. In other words, these are the analyzer's most valuable warnings. They demonstrate the analyzer's capabilities for someone, who is just starting out with the analyzer. We call this feature Analyzer Best Warnings. PVS-Studio has always been grouping analyzer warnings by 3 certainty levels. We've been traditionally using these levels to prioritize showing the analysis results — all best warnings should be first-level warnings. For the new version of our analyzer, we have developed a more accurate mechanism to evaluate warnings. Now the mechanism uses many extra criteria in addition to levels — both static (the average diagnostic "value") and dynamic. The dynamic criteria are based on warnings the analyzer issues for a specific code base (for example, detection frequency).