Navy

FLAME source code diagnostic tool

Detects vulnerabilities in multiple programming languages and reinforces secure coding practices

Software & Information Technology

U.S. Navy software engineers have invented a new tool for source code analysis. The patent-pending invention is available via license to U.S. companies or entrepreneurs who would make, use, or sell it commercially.

The Navy created the new application, known as FLAME (flaw measure), after finding that the procurement cost of the commercially available Fortify static code analyzer prevented that tool’s testing and development.

FLAME comprises several freeware scanning tools wrapped into a single GUI.

It was developed using publicly available open-source tools that perform source code analysis on both C/C++ and Java.

When an operator executes the scanners without FLAME, the scanners may report the same vulnerability multiple times.

FLAME, by contrast, executes the source code scanners from a single GUI and receives their output. It then processes the output by removing duplicate vulnerabilities reported by the scanners.

Following the processing, FLAME consolidates the unique vulnerabilities into a single file to which the operator can refer.

FLAME enables the operator to save the window of unique vulnerability information to a text file. FLAME automatically provides a comma-separated value (CSV) file so that the vulnerability information can also be viewed in Microsoft Excel.
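The run, deduplicate, and consolidate-to-CSV flow described above can be sketched as follows. This is an added example, not FLAME's code: the scanner names, the `path:line: [category] message` output format, and the choice of (file, line, category) as the duplicate key are all assumptions, since the page does not say how FLAME matches duplicates.

```python
import csv, io, posixpath

# Constructed sample output from two hypothetical scanners (not real tool output).
# Assumed line format for this example: path:line: [category] message
SCANNER_OUTPUT = {
    "scanner_a": """\
src/net.c:42: [buffer-overflow] strcpy into fixed-size buffer
src/net.c:42: [buffer-overflow] strcpy into fixed-size buffer
src/auth.c:10: [format-string] printf with non-literal format
""",
    "scanner_b": """\
scanner_b starting analysis
./src/net.c:42: [Buffer-Overflow] unbounded copy via strcpy()
src/util.c:7: [race-condition] access() followed by open()
""",
}

def parse(scanner, text):
    """Yield one finding per well-formed line; skip banners and blank lines."""
    for raw in text.splitlines():
        try:
            path, line, rest = raw.split(":", 2)
            category, message = rest.strip().split("]", 1)
            yield {"file": posixpath.normpath(path.strip()), "line": int(line),
                   "category": category.lstrip("[").strip().lower(),
                   "message": message.strip(), "scanners": [scanner]}
        except ValueError:
            continue  # not in the assumed finding format

def consolidate(outputs):
    """Keep one row per (file, line, category); record which scanners agreed."""
    unique = {}
    for scanner, text in outputs.items():
        for f in parse(scanner, text):
            key = (f["file"], f["line"], f["category"])
            hit = unique.setdefault(key, f)  # first report wins, later ones merge
            if scanner not in hit["scanners"]:
                hit["scanners"].append(scanner)
    return sorted(unique.values(), key=lambda f: (f["file"], f["line"]))

def to_csv(findings):  # CSV text that opens directly in a spreadsheet
    buf = io.StringIO()
    w = csv.writer(buf)
    w.writerow(["file", "line", "category", "message", "reported_by"])
    for f in findings:
        w.writerow([f["file"], f["line"], f["category"], f["message"], ";".join(f["scanners"])])
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(consolidate(SCANNER_OUTPUT)), end="")
```

Normalizing the path and category before building the key is what lets the two scanners' differently formatted reports of the same `strcpy` issue collapse into one row; a key that is too coarse would instead hide distinct findings on the same line.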

FLAME competes directly with commercially available tools like Fortify. FLAME identifies the same vulnerabilities as conventional code analysis tools, as well as a few more.

FLAME can be used to reinforce secure coding practices and ensure that companies operate low-vulnerability systems.