Decision Support for Software Code Analysis

Period of Performance: 01/24/2014 - 01/26/2016

$1.75MM

Phase 2 SBIR

Recipient Firm

Sentar, Inc.
315 Wynn Drive
Huntsville, AL 35805
Principal Investigator

Abstract

The Sentar veriScan tool is a software assurance product for analyzing and assessing both source and binary software files for the presence of program vulnerabilities, coding weaknesses, and malicious intent. VeriScan automates the execution of a critical mass of analysis programs for verifying large-scale, implicitly trusted software systems; performs risk assessments; reports on those risks in the context of reuse; and provides decision support to enable the mitigation of any risks identified. VeriScan provides unique software assurance capabilities not typically found in commercial software products, including: 1) analysis of both source and binary files, 2) analysis for both known and previously undiscovered malware, 3) an integrated risk assessment of potentially conflicting analysis results, and 4) detection of classified information spillage in source code comments or in variable and function names. Combined, these capabilities make veriScan a far more comprehensive tool than current commercial tools and products. Compared with commercial products, veriScan requires little training to use and targets a much lower price point for user licensing fees. Approved for Public Release 14-MDA-7739 (18 March 14).