Problems it solves
Risk or Leaks of confidential information
Non-existent or decentralized IT incidents' management
Risk of attacks by hackers
Risk of data loss or damage
Insufficient risk management
Values
Ensure Security and Business Continuity
Manage Risks
Blade Tool Output Integration Framework
Powerful software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view and reporting.
About Product
Description
Blade Tool Output Integration Framework (TOIF) is a powerful software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools in a single uniform view with unified reporting.
It leverages OMG Software Assurance Ecosystem standards, Software Fault Patterns (SFPs), and Common Weakness Enumerations (CWEs).
Composite Vulnerability Analysis & Reporting. Blade TOIF’s plug-and-play environment provides a foundation for composite vulnerability analysis by normalizing, semantically integrating, and collating findings from existing vulnerability analysis tools.
Improves breadth and accuracy of off-the-shelf vulnerability analysis tools. Provides a powerful vulnerability analysis and management environment for analyzing, reporting and fixing discovered weaknesses.
Seamless Integration. Out of the box, Blade TOIF seamlessly integrates into the Eclipse Development Environment and with five open-source vulnerability analysis tools:
- CppCheck
- RATS
- Splint
- SpotBugs
- Jlint
Blade TOIF Integration
Integrates into the Eclipse development environment:
- Execute Blade TOIF (desktop deployment) from within Eclipse with progress bar
- Automatically see defect findings in Eclipse
- Use the “TOIF Analyze” easy button in the Eclipse toolbar and in the Blade TOIF main menu
- Run it on a subset of project files/directories
- Filter the defect findings listed in the Blade TOIF Findings view, based on the selected project data in the Project Explorer in Eclipse
Blade TOIF Key Capabilities
- Integrates multiple vulnerability detection tools and their findings as “data feeds” into a common repository
- Addresses wider breadth and depth of vulnerability coverage
- Common processing of results
- Normalizes and collates “data feeds” based on discernable patterns described as Software Fault Patterns (SFPs) and CWEs
- Provides one prioritized report with weighted results across tools/vendors
- Uses an RDF repository and provides an external Java API for additional analysis capabilities
- Integrates out-of-box with: CppCheck, RATS, Splint, SpotBugs and Jlint
- Defect Description view provides information related to the cluster, SFP, and CWE description of the selected defect instance in the Blade TOIF Findings view
- Defect findings, including citing information, can be exported to a *.tsv file and subsequently imported into another Blade TOIF project
- Installation wizard, auto-detection and configuration of open source software (OSS) static code analysis (SCA) tools
- Supports load build integration to import results generated from the server/load build to the desktop
- Automated risk analysis
- Automated vulnerability detection and analysis
- Traceability
- Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact