Blade Tool Output Integration Framework
0.00

Problems that solves

Risk or Leaks of confidential information

Non-existent or decentralized IT incidents' management

Risk of attacks by hackers

Risk of data loss or damage

Insufficient risk management

Values

Ensure Security and Business Continuity

Manage Risks

Blade Tool Output Integration Framework

Powerful software vulnerability detection platform.It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view and reporting

Description

Blade Tool Output Integration Framework (TOIF) is a powerful software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view with unified reporting. It leverages OMG Software Assurance Ecosystem standards, Software Fault Patterns (SFPs), and Common Weakness Enumerations (CWEs) Composite Vulnerability Analysis & Reporting. Blade TOIF’s  plug-and-play  environment  provides  a  foundation  for  composite  vulnerability  analysis  by  normalizing,  semantically  integrating,  and  collating  findings from existing vulnerability analysis tools. Improves breadth and acccuracy of off-the-shelf vulnerability analysis tools. Provides powerful vulnerability analysis and management environment for analyzing, reporting and fixing discovered weaknesses. Seamless Integration. Out-off-the-box, Blade TOIF seamlessly integrates into the Eclipse Development Environment and with five open-source vulnerability analysis tools:
  • CppCheck
  • RATS
  • Splint
  • SpotBugs
  • Jlint
It  enables  strategic  use  of  commercial  and  open-source  vulnerability  analysis  tools and, in conjunction with its unified priority reporting, reduces the overall costs of performing a vulnerability assessment by 80%.

Blade TOIF Integration

Integrates into Eclipse development environment:
  • Execute Blade TOIF (desktop deployment) from within Eclipse with progress bar
  • Automatically see defect findings in Eclipse
  • Use the “TOIF Analyze” easy button in the Eclipse toolbar and in the Blade TOIF main menu
  • Run it on a sub-set of project files/ directories
  • Filter the defect findings listed in the Blade TOIF Findings view, based on the selected project data in the Project Explorer in Eclipse

Blade TOIF Key Capabilities

  • Integrates multiple vulnerability detection tools and their findings as “data feeds” into a common repository
  • Addresses wider breadth and depth of vulnerability coverage
  • Common processing of results
  • Normalizes and collates “data feeds” based on discernable patterns described as Software Fault Patterns (SFPs) and CWEs
  • Provides one prioritized report with weighted results across tools/vendors
  • Uses an RDF repository and provides external Java API for additional analysis capabilities
  • Integrates out-of-box with: CppCheck, RATS, Splint, SpotBugs and Jlint
  • Defect Description view provides information related to the cluster, SFP, and CWE description of the selected defect instance in the Blade TOIF Findings view
  • Defect findings, including citing information, can be exported to *.tsv file and subsequently imported to another Blade TOIF project
  • Installation wizard, auto-detection and configuration of open source software (OSS) static code analysis (SCA) tools
  • Supports load build integration to import results generated from the server/load build to the desktop
Combining Blade TOIF with our automated risk analysis platform, Blade Risk Manager, provides a comprehensive cybersecurity risk management solution that includes:
  • Automated risk analysis
  • Automated vulnerability detection and analysis
  • Traceability
  • Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact

Scheme of work

 Scheme of work