Secure Coding Validation Suite
The Secure Coding Validation Suite (or validation suite) is a CERT tool that performs a set of tests to validate the rules defined in ISO Technical Specification 17961. These tests are based on the examples in this technical specification.
Compilers and source code analysis tools are trusted processes, meaning that a degree of reliance is placed on the output of the tools. Accordingly, developers must ensure that this trust is not misplaced. Ideally, trust should be achieved by the tool supplier running appropriate validation tests such as this validation suite. The Secure Coding Validation Suite includes tools that allow vendors to use these tests with an analyzer, interpreter, or compiler, along with the test_driver.sh script, and a utility to decipher and display the results as a report. By using this validation suite, vendors can ensure that they have successfully diagnosed rule violations in the suite.
In August 2014, there were 45 rules with associated test files in the Secure Coding Validation Suite. Its functionality and framework for rules testing (and rules reporting) can be augmented with new rules tests. The validation suite is distributed open source with a BSD-style license.
We welcome your code contributions to the test suite; contact us if you would like to contribute code.