View

Sorting

Products found: 1

logo
Offer a reference bonus
0.00

Blade Tool Output Integration Framework

Blade Tool Output Integration Framework (TOIF) is a powerful software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view with unified reporting. It leverages OMG Software Assurance Ecosystem standards, Software Fault Patterns (SFPs), and Common Weakness Enumerations (CWEs) Composite Vulnerability Analysis & Reporting. Blade TOIF’s  plug-and-play  environment  provides  a  foundation  for  composite  vulnerability  analysis  by  normalizing,  semantically  integrating,  and  collating  findings from existing vulnerability analysis tools. Improves breadth and acccuracy of off-the-shelf vulnerability analysis tools. Provides powerful vulnerability analysis and management environment for analyzing, reporting and fixing discovered weaknesses. Seamless Integration. Out-off-the-box, Blade TOIF seamlessly integrates into the Eclipse Development Environment and with five open-source vulnerability analysis tools:
  • CppCheck
  • RATS
  • Splint
  • SpotBugs
  • Jlint
It  enables  strategic  use  of  commercial  and  open-source  vulnerability  analysis  tools and, in conjunction with its unified priority reporting, reduces the overall costs of performing a vulnerability assessment by 80%.

Blade TOIF Integration

Integrates into Eclipse development environment:
  • Execute Blade TOIF (desktop deployment) from within Eclipse with progress bar
  • Automatically see defect findings in Eclipse
  • Use the “TOIF Analyze” easy button in the Eclipse toolbar and in the Blade TOIF main menu
  • Run it on a sub-set of project files/ directories
  • Filter the defect findings listed in the Blade TOIF Findings view, based on the selected project data in the Project Explorer in Eclipse

Blade TOIF Key Capabilities

  • Integrates multiple vulnerability detection tools and their findings as “data feeds” into a common repository
  • Addresses wider breadth and depth of vulnerability coverage
  • Common processing of results
  • Normalizes and collates “data feeds” based on discernable patterns described as Software Fault Patterns (SFPs) and CWEs
  • Provides one prioritized report with weighted results across tools/vendors
  • Uses an RDF repository and provides external Java API for additional analysis capabilities
  • Integrates out-of-box with: CppCheck, RATS, Splint, SpotBugs and Jlint
  • Defect Description view provides information related to the cluster, SFP, and CWE description of the selected defect instance in the Blade TOIF Findings view
  • Defect findings, including citing information, can be exported to *.tsv file and subsequently imported to another Blade TOIF project
  • Installation wizard, auto-detection and configuration of open source software (OSS) static code analysis (SCA) tools
  • Supports load build integration to import results generated from the server/load build to the desktop
Combining Blade TOIF with our automated risk analysis platform, Blade Risk Manager, provides a comprehensive cybersecurity risk management solution that includes:
  • Automated risk analysis
  • Automated vulnerability detection and analysis
  • Traceability
  • Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact
... Learn more
-
-
ROI-
-
20
10