Software Security Assessment Tools Review

Total Page:16

File Type:pdf, Size:1020Kb

Software Security Assessment Tools Review Software Security Assessment Tools Review Software Security Assessment Tools Review 2 March 2009 Jointly funded by: Assistant Secretary of the Navy Chief System Engineer 197 Isaac Hull Washington Navy Yard, DC and Naval Ordnance Safety & Security Activity Box 47, Bldg D-323 3817 Strauss Avenue Indian Head, MD 20640 Prepared by: Booz Allen Hamilton McLean, VA Software Security Assessment Tools Review Table of Contents 1. Executive Summary .................................................................................................... 1-1 2. Purpose, Scope, and Background ................................................................................ 2-1 3. Problem Space ............................................................................................................. 3-1 3.1 Threat Environment ..................................................................................................... 3-1 3.2 Properties of Interest in the Software to be Analyzed ................................................. 3-1 3.3 Nature of Software to be Analyzed ............................................................................. 3-1 3.4 Techniques for Testing ................................................................................................ 3-1 3.5 Business Case for Security Testing ............................................................................. 3-2 4. Tool Technologies ....................................................................................................... 4-1 4.1 Analysis of Source Code ............................................................................................. 4-3 4.1.1 Static Analysis Code Scanning .................................................................................... 4-3 4.1.1.1 When to Use Static Analysis Tools ............................................................................. 4-3 4.1.1.2 Required Skills ............................................................................................................ 4-4 4.1.1.3 Potential Benefits ........................................................................................................ 4-4 4.1.1.4 Drawbacks ................................................................................................................... 4-5 4.1.1.5 Static Analysis Tools ................................................................................................... 4-5 4.1.2 Source Code Fault Injection ........................................................................................ 4-9 4.1.2.1 When to Use Source Code Fault Injection .................................................................. 4-9 4.1.2.2 Required Skills .......................................................................................................... 4-10 4.1.2.3 Benefits ...................................................................................................................... 4-10 4.1.2.4 Drawbacks ................................................................................................................. 4-10 4.1.2.5 Specific Tools ............................................................................................................ 4-10 4.1.3 Dynamic Analysis ..................................................................................................... 4-11 4.1.3.1 When to Use Dynamic Analysis ............................................................................... 4-12 4.1.3.2 Required Skills .......................................................................................................... 4-12 4.1.3.3 Benefits ...................................................................................................................... 4-12 4.1.3.4 Drawbacks ................................................................................................................. 4-12 4.1.3.5 Tools .......................................................................................................................... 4-12 4.1.4 Architectural Analysis ............................................................................................... 4-13 4.1.4.1 Asset Identification .................................................................................................... 4-14 4.1.4.2 Risk Analysis ............................................................................................................. 4-14 4.1.4.3 Threat Analysis .......................................................................................................... 4-16 4.1.4.4 Architectural Risk Analysis ....................................................................................... 4-18 4.1.4.5 Organizing Risk Information ..................................................................................... 4-19 4.1.4.6 Risk Likelihood Determination ................................................................................. 4-20 4.1.4.7 Risk Impact Determination ....................................................................................... 4-21 4.1.4.8 Risk Exposure Statement ........................................................................................... 4-22 4.1.4.9 Risk Mitigation .......................................................................................................... 4-22 4.1.4.10 When to Apply Risk Analysis ................................................................................... 4-23 4.1.4.11 Tools .......................................................................................................................... 4-25 4.1.5 Pedigree Analysis ...................................................................................................... 4-27 4.1.5.1 When to Use Pedigree Analysis ................................................................................ 4-27 4.1.5.2 Benefits of Pedigree Analysis ................................................................................... 4-28 4.1.5.3 Drawbacks of Pedigree Analysis ............................................................................... 4-28 i Software Security Assessment Tools Review Table of Contents (cont'd) 4.1.5.4 Pedigree Analysis Tools ............................................................................................ 4-28 4.2 Analysis of Executables ............................................................................................ 4-29 4.2.1 Binary Code Analysis ................................................................................................ 4-29 4.2.1.1 When to Use Binary Analysis ................................................................................... 4-29 4.2.1.2 Required Skills .......................................................................................................... 4-29 4.2.1.3 Benefits ...................................................................................................................... 4-30 4.2.1.4 Drawbacks ................................................................................................................. 4-30 4.2.1.5 Specific Tools and Services ...................................................................................... 4-30 4.2.2 Disassembler Analysis Tools .................................................................................... 4-31 4.2.2.1 When to Use Disassembler Analysis ......................................................................... 4-31 4.2.2.2 Benefits ...................................................................................................................... 4-31 4.2.2.3 Drawbacks ................................................................................................................. 4-31 4.2.2.4 Specific Tools and Services for Hire ......................................................................... 4-32 4.2.3 Binary Fault Injection ................................................................................................ 4-32 4.2.3.1 When to Use Binary Fault Injection .......................................................................... 4-33 4.2.3.2 Required Skills .......................................................................................................... 4-33 4.2.3.3 Benefits ...................................................................................................................... 4-33 4.2.3.4 Drawbacks ................................................................................................................. 4-34 4.2.3.5 Tools .......................................................................................................................... 4-34 4.2.4 Fuzzing ...................................................................................................................... 4-34 4.2.4.1 When to Use Fuzzing ................................................................................................ 4-34 4.2.4.2 Required Skills .......................................................................................................... 4-35 4.2.4.3 Benefits of Fuzzing ................................................................................................... 4-35 4.2.4.4 Drawbacks ................................................................................................................. 4-36 4.2.4.5 Tools: ......................................................................................................................... 4-36 4.2.5 Malicious Code Detectors ........................................................................................
Recommended publications
  • A Beginner's Guide to Freebasic
    A Beginner’s Guide to FreeBasic Richard D. Clark Ebben Feagan A Clark Productions / HMCsoft Book Copyright (c) Ebben Feagan and Richard Clark. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". The source code was compiled under version .17b of the FreeBasic compiler and tested under Windows 2000 Professional and Ubuntu Linux 6.06. Later compiler versions may require changes to the source code to compile successfully and results may differ under different operating systems. All source code is released under version 2 of the Gnu Public License (http://www.gnu.org/copyleft/gpl.html). The source code is provided AS IS, WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Microsoft Windows®, Visual Basic® and QuickBasic® are registered trademarks and are copyright © Microsoft Corporation. Ubuntu is a registered trademark of Canonical Limited. 2 To all the members of the FreeBasic community, especially the developers. 3 Acknowledgments Writing a book is difficult business, especially a book on programming. It is impossible to know how to do everything in a particular language, and everyone learns something from the programming community. I have learned a multitude of things from the FreeBasic community and I want to send my thanks to all of those who have taken the time to post answers and examples to questions.
    [Show full text]
  • Static Analysis the Workhorse of a End-To-End Securitye Testing Strategy
    Static Analysis The Workhorse of a End-to-End Securitye Testing Strategy Achim D. Brucker [email protected] http://www.brucker.uk/ Department of Computer Science, The University of Sheffield, Sheffield, UK Winter School SECENTIS 2016 Security and Trust of Next Generation Enterprise Information Systems February 8–12, 2016, Trento, Italy Static Analysis: The Workhorse of a End-to-End Securitye Testing Strategy Abstract Security testing is an important part of any security development lifecycle (SDL) and, thus, should be a part of any software (development) lifecycle. Still, security testing is often understood as an activity done by security testers in the time between “end of development” and “offering the product to customers.” Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, security testing should be integrated, as early as possible, into the daily development activities. The fact that static analysis can be deployed as soon as the first line of code is written, makes static analysis the right workhorse to start security testing activities. In this lecture, I will present a risk-based security testing strategy that is used at a large European software vendor. While this security testing strategy combines static and dynamic security testing techniques, I will focus on static analysis. This lecture provides a introduction to the foundations of static analysis as well as insights into the challenges and solutions of rolling out static analysis to more than 20000 developers, distributed across the whole world. A.D. Brucker The University of Sheffield Static Analysis February 8–12., 2016 2 Today: Background and how it works ideally Tomorrow: (Ugly) real world problems and challenges (or why static analysis is “undecideable” in practice) Our Plan A.D.
    [Show full text]
  • Actors at Work Issue Date: 2016-12-15 Actors at Work Behrooz Nobakht
    Cover Page The handle http://hdl.handle.net/1887/45620 holds various files of this Leiden University dissertation Author: Nobakht, Behrooz Title: Actors at work Issue Date: 2016-12-15 actors at work behrooz nobakht 2016 Leiden University Faculty of Science Leiden Institute of Advanced Computer Science Actors at Work Actors at Work Behrooz Nobakht ACTORS AT WORK PROEFSCHRIFT ter verkrijging van de graad van doctor aan de Universiteit Leiden op gezag van de Rector Magnificus prof. dr. C. J. J. M. Stolker, volgens besluit van het College voor Promoties te verdedigen op donderdag 15 december 2016 klokke 11.15 uur door Behrooz Nobakht geboren te Tehran, Iran, in 1981 Promotion Committee Promotor: Prof. Dr. F.S. de Boer Co-promotor: Dr. C. P. T. de Gouw Other members: Prof. Dr. F. Arbab Dr. M.M. Bonsangue Prof. Dr. E. B. Johnsen University of Oslo, Norway Prof. Dr. M. Sirjani Reykjavik University, Iceland The work reported in this thesis has been carried out at the Center for Mathematics and Computer Science (CWI) in Amsterdam and Leiden Institute of Advanced Computer Science at Leiden University. This research was supported by the European FP7-231620 project ENVISAGE on Engineering Virtualized Resources. Copyright © 2016 by Behrooz Nobakht. All rights reserved. October, 2016 Behrooz Nobakht Actors at Work Actors at Work, October, 2016 ISBN: 978-94-028-0436-2 Promotor: Prof. Dr. Frank S. de Boer Cover Design: Ehsan Khakbaz <[email protected]> Built on 2016-11-02 17:00:24 +0100 from 397717ec11adfadec33e150b0264b0df83bdf37d at https://github.com/nobeh/thesis using: This is pdfTeX, Version 3.14159265-2.6-1.40.16 (TeX Live 2015/Debian) kpathsea version 6.2.1 Leiden University Leiden Institute of Advanced Computer Science Faculty of Science Niels Bohrweg 1 2333 CA and Leiden Contents I Introduction1 1 Introduction 3 1.1 Objectives and Architecture .
    [Show full text]
  • List of Requirements for Code Reviews
    WP2 DIGIT B1 - EP Pilot Project 645 Deliverable 9: List of Requirements for Code Reviews Specific contract n°226 under Framework Contract n° DI/07172 – ABCIII April 2016 DIGIT Fossa WP2 – Governance and Quality of Software Code – Auditing of Free and Open Source Software. Deliverable 9: List of requirements for code reviews Author: Disclaimer The information and views set out in this publication are those of the author(s) and do not necessarily reflect the official opinion of the Commission. The content, conclusions and recommendations set out in this publication are elaborated in the specific context of the EU – FOSSA project. The Commission does not guarantee the accuracy of the data included in this study. All representations, warranties, undertakings and guarantees relating to the report are excluded, particularly concerning – but not limited to – the qualities of the assessed projects and products. Neither the Commission nor any person acting on the Commission’s behalf may be held responsible for the use that may be made of the information contained herein. © European Union, 2016. Reuse is authorised, without prejudice to the rights of the Commission and of the author(s), provided that the source of the publication is acknowledged. The reuse policy of the European Commission is implemented by a Decision of 12 December 2011. Document elaborated in the specific context of the EU – FOSSA project. Reuse or reproduction authorised without prejudice to the Commission’s or the authors’ rights. Page 2 of 51 DIGIT Fossa WP2 – Governance and Quality of Software Code – Auditing of Free and Open Source Software. Deliverable 9: List of requirements for code reviews Contents CONTENTS............................................................................................................................................
    [Show full text]
  • Undefined Behaviour in the C Language
    FAKULTA INFORMATIKY, MASARYKOVA UNIVERZITA Undefined Behaviour in the C Language BAKALÁŘSKÁ PRÁCE Tobiáš Kamenický Brno, květen 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Vedoucí práce: RNDr. Adam Rambousek ii Acknowledgements I am very grateful to my supervisor Miroslav Franc for his guidance, invaluable help and feedback throughout the work on this thesis. iii Summary This bachelor’s thesis deals with the concept of undefined behavior and its aspects. It explains some specific undefined behaviors extracted from the C standard and provides each with a detailed description from the view of a programmer and a tester. It summarizes the possibilities to prevent and to test these undefined behaviors. To achieve that, some compilers and tools are introduced and further described. The thesis contains a set of example programs to ease the understanding of the discussed undefined behaviors. Keywords undefined behavior, C, testing, detection, secure coding, analysis tools, standard, programming language iv Table of Contents Declaration ................................................................................................................................ ii Acknowledgements .................................................................................................................. iii Summary .................................................................................................................................
    [Show full text]
  • Powerbasic Console Compiler 603
    1 / 2 PowerBasic Console Compiler 603 Older DOS tools may still be fixed and/or enhanced, but newer command line tools, if any, will ... BAS source code recompilation requires PowerBASIC 3.1 DOS compiler, while .MOD source ... COM 27 603 29.09.03 23:15 ; 9.6s -- no bug LIST.. PowerBASIC Console Compiler for Windows. Create Windows applications with a text mode user interface. Published by PowerBASIC. Distributed by .... Код: Выделить всё: #compile exe ... http://rl-team.net/1146574146-powerbasic-for-windows-v-1003-powerbasic-console-compiler-v-603.html.. This collection includes 603 Hello World programs in as many more-or-less well ... Hello World in Powerbasic Console Compiler FUNCTION PBMAIN () AS .... 16 QuickBASIC/PowerBASIC Console I/O .. ... Register Port A Port B Port C Port D Port E Port F IOConf Address 0x600 0x601 0x602 0x603 0x604 0x605 0x606 ... Similar functions (and header files) are available for other C compilers and .... 48. asm11_77.zip, A DOS based command-line MC68HC11 cross-assembler ... 139. compas3e.zip, COMPAS v3.0 - Compiler from Pascal for educational ... 264. fce4pb24.zip, FTP Client Engine v2.4 for Power Basic, 219742, 2004-06-10 10:11:19 ... 603. reloc100.zip, Relocation Handler v1.00 by Piotr Warezak, 10734 .... PowerBASIC Console Compiler v6.0. 2 / 3415. Table of contents ... Error 603 - Incompatible with a Dual/IDispatch interface ............................ 214. Error 605 .... PowerBasic Console Compiler 6.03link: https://cinurl.com/1gotz8. 603-260-8480 Software provider to use compile and work where and when? ... Get wired for power. Basic large family enjoy fun nights like that. ... Report diagnosis code as an application from console without writing any custom duty or ...
    [Show full text]
  • Computer Architectures
    Computer Architectures Motorola 68000, 683xx a ColdFire – CISC CPU Principles Demonstrated Czech Technical University in Prague, Faculty of Electrical Engineering AE0B36APO Computer Architectures Ver.1.10 1 Original Desktop/Workstation 680X0 Feature 68000 'EC000 68010 68020 68030 68040 68060 Data bus 16 8/16 16 8/16/32 8/16/32 32 32 Addr bus 23 23 23 32 32 32 32 Misaligned Addr - - - Yes Yes Yes Yes Virtual memory - - Yes Yes Yes Yes Yes Instruct Cache - - 3 256 256 4096 8192 Data Cache - - - - 256 4096 8192 Memory manager 68451 or 68851 68851 Yes Yes Yes ATC entries - - - - 22 64/64 64/64 FPU interface - - - 68881 or 68882 Internal FPU built-in FPU - - - - - Yes Yes Burst Memory - - - - Yes Yes Yes Bus Cycle type asynchronous both synchronous Data Bus Sizing - - - Yes Yes use 68150 Power (watts) 1.2 0.13-0.26 0.13 1.75 2.6 4-6 3.9-4.9 at frequency of 8.0 8-16 8 16-25 16-50 25-40 50-66 MIPS/kDhryst. 1.2/2.1 2.5/4.3 6.5/11 14/23 35/60 100/300 Transistors 68k 84k 190k 273k 1,170k 2,500k Introduction 1979 1982 1984 1987 1991 1994 AE0B36APO Computer Architectures 2 M68xxx/CPU32/ColdFire – Basic Registers Set 31 16 15 8 7 0 User programming D0 D1 model registers D2 D3 DATA REGISTERS D4 D5 D6 D7 16 15 0 A0 A1 A2 A3 ADDRESS REGISTERS A4 A5 A6 16 15 0 A7 (USP) USER STACK POINTER 0 PC PROGRAM COUNTER 15 8 7 0 0 CCR CONDITION CODE REGISTER 31 16 15 0 A7# (SSP) SUPERVISOR STACK Supervisor/system POINTER 15 8 7 0 programing model (CCR) SR STATUS REGISTER 31 0 basic registers VBR VECTOR BASE REGISTER 31 3 2 0 SFC ALTERNATE FUNCTION DFC CODE REGISTERS AE0B36APO Computer Architectures 3 Status Register – Conditional Code Part USER BYTE SYSTEM BYTE (CONDITION CODE REGISTER) 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 T1 T0 S 0 0 I2 I1 I0 0 0 0 X N Z V C TRACE INTERRUPT EXTEND ENABLE PRIORITY MASK NEGATIVE SUPERVISOR/USER ZERO STATE OVERFLOW CARRY ● N – negative ..
    [Show full text]
  • Parasoft Static Application Security Testing (SAST) for .Net - C/C++ - Java Platform
    Parasoft Static Application Security Testing (SAST) for .Net - C/C++ - Java Platform Parasoft® dotTEST™ /Jtest (for Java) / C/C++test is an integrated Development Testing solution for automating a broad range of testing best practices proven to improve development team productivity and software quality. dotTEST / Java Test / C/C++ Test also seamlessly integrates with Parasoft SOAtest as an option, which enables end-to-end functional and load testing for complex distributed applications and transactions. Capabilities Overview STATIC ANALYSIS ● Broad support for languages and standards: Security | C/C++ | Java | .NET | FDA | Safety-critical ● Static analysis tool industry leader since 1994 ● Simple out-of-the-box integration into your SDLC ● Prevent and expose defects via multiple analysis techniques ● Find and fix issues rapidly, with minimal disruption ● Integrated with Parasoft's suite of development testing capabilities, including unit testing, code coverage analysis, and code review CODE COVERAGE ANALYSIS ● Track coverage during unit test execution and the data merge with coverage captured during functional and manual testing in Parasoft Development Testing Platform to measure true test coverage. ● Integrate with coverage data with static analysis violations, unit testing results, and other testing practices in Parasoft Development Testing Platform for a complete view of the risk associated with your application ● Achieve test traceability to understand the impact of change, focus testing activities based on risk, and meet compliance
    [Show full text]
  • Email: [email protected] Website
    Email: [email protected] Website: http://chrismatech.com Experienced software and systems engineer who has successfully deployed custom & industry-standard embedded, desktop and networked systems for commercial and DoD customers. Delivered systems operate on airborne, terrestrial, maritime, and space based vehicles and platforms. Expert in performing all phases of the software and system development life-cycle including: Creating requirements and design specifications. Model-driven software development, code implementation, and unit test. System integration. Requirements-based system verification with structural coverage at the system and module levels. Formal qualification/certification test. Final product packaging, delivery, and site installation. Post-delivery maintenance and customer support. Requirements management and end-to-end traceability. Configuration management. Review & control of change requests and defect reports. Quality assurance. Peer reviews/Fagan inspections, TIMs, PDRs and CDRs. Management and project planning proficiencies include: Supervising, coordinating, and mentoring engineering staff members. Creating project Software Development Plans (SDPs). Establishing system architectures, baseline designs, and technical direction. Creating & tracking project task and resource scheduling, costs, resource utilization, and metrics (e.g., Earned Value Analysis). Preparing proposals in response to RFPs and SOWs. Project Management • Microsoft Project, Excel, Word, PowerPoint, Visio & Documentation: • Adobe Acrobat Professional
    [Show full text]
  • Survey of Verification and Validation Techniques for Small Satellite Software Development
    Survey of Verification and Validation Techniques for Small Satellite Software Development Stephen A. Jacklin NASA Ames Research Center Presented at the 2015 Space Tech Expo Conference May 19-21, Long Beach, CA Summary The purpose of this paper is to provide an overview of the current trends and practices in small-satellite software verification and validation. This document is not intended to promote a specific software assurance method. Rather, it seeks to present an unbiased survey of software assurance methods used to verify and validate small satellite software and to make mention of the benefits and value of each approach. These methods include simulation and testing, verification and validation with model-based design, formal methods, and fault-tolerant software design with run-time monitoring. Although the literature reveals that simulation and testing has by far the longest legacy, model-based design methods are proving to be useful for software verification and validation. Some work in formal methods, though not widely used for any satellites, may offer new ways to improve small satellite software verification and validation. These methods need to be further advanced to deal with the state explosion problem and to make them more usable by small-satellite software engineers to be regularly applied to software verification. Last, it is explained how run-time monitoring, combined with fault-tolerant software design methods, provides an important means to detect and correct software errors that escape the verification process or those errors that are produced after launch through the effects of ionizing radiation. Introduction While the space industry has developed very good methods for verifying and validating software for large communication satellites over the last 50 years, such methods are also very expensive and require large development budgets.
    [Show full text]
  • PDQ Manual.Pdf
    CRESCENT SOFTWARE, INC. P.D.Q. A New Concept in High-Level Programming Languages Version 3.13 Entire contents Copyright © 1888-1983 by Ethan Winer and Crescent Software. P.D.Q. was conceived and written by Ethan Winer, with substantial contributions [that is, the really hard parts) by Robert L. Hummel. The example programs were written by Ethan Winer, Don Malin, and Nash Bly, with additional contributions by Crescent and Full Moon customers. The floating point math package was written by Paul Passarelli. This manual was written by Ethan Winer. The section that describes how to use P.O.Q. with assembly language was written by Hardin Brothers. Full Moon Software 34 Cedar Vale Drive New Milford, CT 06776 Sales: 860-350-6120 Support: 860-350-8188 (voice); 860-350-6130 [fax) Sixth printing. LICENSE AGREEMENT Crescent Software grants a license to use the enclosed software and printed documentation to the original purchaser. Copies may be made for back-up purposes only. Copies made for any other purpose are expressly prohibited, and adherence to this requirement is the sole responsibility of the purchaser. However, the purchaser does retain the right to sell or distribute programs that contain P.D.Q. routines, so long as the primary purpose of the included routines is to augment the software being sold or distributed. Source code and libraries for any component of the P.D.Q. program may not be distributed under any circumstances. This license may be transferred to a third party only if all existing copies of the software and documentation are also transferred.
    [Show full text]
  • Codesonar the SAST Platform for Devsecops
    DATASHEET CodeSonar The SAST Platform for DevSecOps Accelerate Application Security Software teams are under constant pressure to deliver more content with higher complexity, in shorter timeframes, with increased quality and security. Static Application Security Testing is a proven best practice to help software teams deliver the best code in the shortest timeframe. GrammaTech has been a leader in this field for over 15 years with CodeSonar delivering multi-language SAST capabilities for enterprises where software quality and software security matter. DevSecOps - Speed and Scale Language Support Software developers need rapid feedback on security CodeSonar supports many popular languages, including vulnerabilities in their code. CodeSonar can be integrated into C/C++, Java, C# and Android, as well as support for native software development environments, works unobtrusively to binaries in Intel, Arm and PowerPC instruction set architectures. the developer and provides rapid feedback. CodeSonar also supports OASIS SARIF, for exchange of information with other tools in the DevSecOps environment. Examples of Defects Detected • Buffer over- and underruns • Cast and conversion problems • Command injection • Copy-paste error • Concurrency • Ignored return value • Memory leak • Tainted data • Null pointer dereference • Dangerous function • Unused parameter / value And hundreds more Security Quality Privacy Broad coverage of security vulnerabilities, Integration into DevSecOps to improve Checkers that detect performance including OWASP Top10, SANS/CWE 25. quality of the code and developer impacts such as unnecessary test for Support for third party applications efficiency. Find code quality and nullness, creation of redundant objects or through byte code analysis. performance issues at speed. superfluous memory writes. Team Support Built In CodeSonar is designed to support large teams.
    [Show full text]