U.S. Navy software engineers have invented a new tool for source code analysis. The patent-pending invention is available via license to U.S. companies or entrepreneurs who would make, use, or sell it commercially.
The Navy created the new application, known as FLAME (flaw measure), after finding that the procurement cost of the commercially available Fortify static code analyzer put that tool out of reach for its testing and development work.
FLAME wraps several freely available scanning tools in a single GUI.
It was developed using publicly available open-source tools that perform source code analysis on both C/C++ and Java.
When an operator runs the scanners individually, without FLAME, the same vulnerability may be reported more than once.
FLAME runs the source code scanners from a single GUI, collects their output, and removes the duplicate vulnerabilities they report.
After this processing, FLAME consolidates the unique vulnerabilities into a single file that the operator can refer to.
The operator can save the unique vulnerability information shown in the window to a text file, and FLAME automatically writes a comma-separated value (CSV) file so the same information can be opened in Microsoft Excel.
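The consolidation step described above, as an added illustration rather than FLAME's own code: two open-source C/C++ scanners are assumed (cppcheck writing XML, flawfinder writing CSV), their reports are parsed into one normalized record, findings that point at the same file and line and share a CWE are merged across tools, and the unique set is written out as CSV. The scanner outputs below are constructed in the shape of those two formats with illustrative ids and CWE numbers; they are not captured runs, and the severity scale used to rank merged findings is an assumption of this example.

```python
"""Consolidate and de-duplicate findings from two source code scanners.

Hypothetical example, not FLAME's code. Assumes `cppcheck --xml --xml-version=2`
style XML and `flawfinder --csv` style CSV; both samples below are constructed.
"""
import csv
import io
import os
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample in the shape of cppcheck XML v2 (the same finding is
# reported twice, as happens when an operator runs the scanner more than once).
CPPCHECK_XML = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="2.x"/>
  <errors>
    <error id="bufferAccessOutOfBounds" severity="error" msg="Buffer is accessed out of bounds: buf" cwe="120">
      <location file="./src/main.c" line="42" column="5"/>
    </error>
    <error id="bufferAccessOutOfBounds" severity="error" msg="Buffer is accessed out of bounds: buf" cwe="120">
      <location file="./src/main.c" line="42" column="5"/>
    </error>
    <error id="nullPointer" severity="warning" msg="Possible null pointer dereference: p" cwe="476">
      <location file="./src/net.c" line="17" column="9"/>
    </error>
  </errors>
</results>
"""

# Constructed sample in the shape of flawfinder --csv output.
FLAWFINDER_CSV = """File,Line,Column,DefaultLevel,Level,Category,Name,Warning,Suggestion,Note,CWEs,Context,Fingerprint
src/main.c,42,5,4,4,buffer,strcpy,Does not check for buffer overflows when copying to destination,Consider using snprintf or strlcpy,,"CWE-120, CWE-20","  strcpy(buf, argv[1]);",0f1e2d
src/main.c,58,5,5,5,buffer,gets,Does not check for buffer overflows,Use fgets() instead,,CWE-120,"  gets(line);",3c4b5a
src/net.c,17,9,1,1,buffer,read,Check buffer boundaries if used in a loop,,,"CWE-20, CWE-120","  n = read(fd, p, sizeof buf);",6a7b8c
"""

# Assumed common severity scale: 0 (info) .. 5 (worst). flawfinder's Level is
# already 0..5; cppcheck severities are mapped here.
CPPCHECK_RANK = {"error": 5, "warning": 3}  # anything else -> 1


@dataclass
class Finding:
    file: str
    line: int
    cwes: frozenset   # CWE numbers the scanner attached (may be empty)
    rank: int
    message: str
    tools: set        # which scanners reported it


def norm_path(path):
    """'./src/main.c', 'src\\main.c' and 'src/main.c' are the same file."""
    return os.path.normpath(path).replace("\\", "/")


def parse_cppcheck(xml_text):
    findings = []
    for err in ET.fromstring(xml_text).iter("error"):
        loc = err.find("location")
        if loc is None:  # cppcheck also emits messages with no location; skip
            continue
        cwe = err.get("cwe")
        findings.append(Finding(norm_path(loc.get("file")), int(loc.get("line")),
                                frozenset({int(cwe)}) if cwe else frozenset(),
                                CPPCHECK_RANK.get(err.get("severity"), 1),
                                err.get("id") + ": " + err.get("msg"), {"cppcheck"}))
    return findings


def parse_flawfinder(csv_text):
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cwes = frozenset(int(n) for n in re.findall(r"CWE-(\d+)", row["CWEs"]))
        findings.append(Finding(norm_path(row["File"]), int(row["Line"]), cwes,
                                int(row["Level"]), row["Name"] + ": " + row["Warning"],
                                {"flawfinder"}))
    return findings


def same_issue(a, b):
    """Duplicate = same file and line, and the scanners agree on at least one CWE.
    Without CWEs on either side, fall back to an identical message."""
    if a.file != b.file or a.line != b.line:
        return False
    if a.cwes and b.cwes:
        return bool(a.cwes & b.cwes)
    return not a.cwes and not b.cwes and a.message == b.message


def consolidate(findings):
    """Merge duplicates, keeping the worst rank and the union of tools/CWEs."""
    merged = []
    for f in findings:
        for m in merged:
            if same_issue(m, f):
                m.tools |= f.tools
                m.cwes = m.cwes | f.cwes
                m.rank = max(m.rank, f.rank)
                break
        else:
            merged.append(Finding(f.file, f.line, f.cwes, f.rank, f.message, set(f.tools)))
    return sorted(merged, key=lambda m: (-m.rank, m.file, m.line))


def to_csv(findings):
    """Single consolidated report, one unique finding per row."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["file", "line", "cwe", "rank", "tools", "message"])
    for f in findings:
        writer.writerow([f.file, f.line, " ".join(f"CWE-{c}" for c in sorted(f.cwes)),
                         f.rank, "+".join(sorted(f.tools)), f.message])
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(consolidate(parse_cppcheck(CPPCHECK_XML) + parse_flawfinder(FLAWFINDER_CSV))))
```

On the sample input the six raw findings collapse to four rows: the strcpy overflow at src/main.c:42 is reported by both scanners (and twice by cppcheck) and becomes one row attributed to both tools, while the two findings at src/net.c:17 are kept apart because they carry different CWEs. Keying on file, line and CWE rather than on file and line alone is the check a practitioner wants here: two scanners flagging the same line for unrelated reasons should not be folded into one finding.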
FLAME competes directly with commercially available tools like Fortify. It identifies the same vulnerabilities as the conventional tools, as well as a few more.
FLAME can be used to reinforce secure coding practices and help companies operate systems with fewer vulnerabilities.
- Consolidates the findings of two or more open-source code analysis tools and removes duplicates
- Reduces false positives from the findings of the source code analysis tools
- Improves static application security testing operator experience
- Businesses or entrepreneurs can commercialize the technology by licensing U.S. Patent Application 15/951,412 from the Navy
- License fees paid to the Navy are negotiable
- TechLink guides businesses through evaluation and licensing; services provided at no cost