TrustRadius: an HG Insights company

What is Riscure True Code?

Riscure True Code is a software tool designed to automate vulnerability identification in the software development lifecycle (SDLC) and DevSecOps processes. According to the vendor, True Code aims to help companies of various sizes deliver more secure code by identifying vulnerabilities early in the development process. True Code is commonly used by software developers, security analysts, and embedded systems engineers, and in industries such as automotive and IoT, where ensuring robust security is paramount.

Key Features

Static Analysis: True Code's Static Analysis module offers a comprehensive set of logical static checks to enhance security in the software development process. According to the vendor, it encompasses a wide range of static checks developed by Riscure Lab over the past two decades, including checks for fault-injection sensitivity tailored to software-hardware interactions.

Dynamic Analysis: True Code provides Dynamic Analysis capabilities, including fault injection simulation and fuzzing, to identify vulnerabilities in embedded software during runtime. The vendor states that the fault injection simulation assesses the software's behavior when subjected to fault injection on the target hardware architecture. Fuzzing allows for automated testing of interfaces to uncover potential vulnerabilities.

Collaboration: True Code facilitates effective collaboration between security evaluators and development teams. According to the vendor, it provides a database with direct feedback integration into the code, allowing for annotations and clear communication of vulnerability issues. This collaborative feature aims to ensure that security concerns are promptly addressed and resolved during the design phase, fostering a secure development process.

Mitigation Assistance: True Code assists in mitigating security vulnerabilities by providing actionable data to the development team. The vendor claims that it effectively highlights significant security vulnerabilities specific to embedded software, enabling developers to prioritize and address them efficiently. By identifying vulnerabilities early in the development process, True Code aims to prevent costly and time-consuming mitigations post-product release.

DevSecOps: True Code integrates security into the DevSecOps process. According to the vendor, it allows code security checks to be embedded seamlessly into the existing workflow, enabling continuous monitoring of security vulnerabilities in C projects. By automating security evaluation, True Code promotes a shared responsibility for security throughout the software development lifecycle.

Technical Details
Deployment Types: SaaS
Operating Systems: Web-Based, Mac, Windows