TrustInSoft, the leader in exhaustive C/C++ software source code analysis, announced today that TrustInSoft Analyzer has introduced game-changing analysis technology that takes software security testing to unprecedented levels.
TrustInSoft Analyzer adds formal verification to the fuzzing process by taking generated inputs and repurposing them to conduct deeper analyses, which catch problems that traditional fuzzing does not. The result is software security verification with no false positives or negatives.
“Most fuzzing attempts to generate invalid, unexpected, or completely random data to feed a given program in the hope of discovering any holes in its input verification. The aim is to detect situations when a program accepts an invalid input as valid when it actually shouldn’t,” said Derepas. “Our high-performance, high-volume analysis technology achieves much deeper levels of verification, which were not previously possible. As a result, we offer a mathematically provable 100 percent guarantee that code tested with TrustInSoft Analyzer will contain none of the undefined behaviors that are included in the CWE Top 25 classification list.”
TrustInSoft’s powerful new fuzzing feature guarantees that fuzz testing results are valid for any compiler, any chosen set of compiler options and any memory layout, making it the only comprehensive bug oracle for testing C/C++ code available today.
“This is a unique and innovative capability that no other testing tool can provide,” said Fabrice Derepas, Founder and CEO of TrustInSoft. “Traditional fuzzing tests often miss undefined behaviors, but that needn’t be an issue for C/C++ SW developers, embedded software engineers or product security experts any longer.”