SafeRiver has developed a set of services for software security based on:

  • Design and Coding Rules for security (based on JavaSec, CERT Java or Cert C),
  • Code production security,
  • Attack surface Computation,
  • Detection and Localization of CWE thanks to static code analysis:
    • COTS (Coverity, Klocwork e.g.) : configuration of checkers
    • Our tool Carto-C, based on frama-C
  • Investigation of the flaws exploitability: Impact and Tainted Analysis with Carto-C

Design and Coding rules as well as Static Analyzers configuration with respect to targeted vulnerabilities are available as «methodological kits».