White Papers & Technical Papers
Complexity Analysis of Hostile Applets:
Using Path-Oriented Metric Analysis to Unravel Hostile Applet Algorithm
Patterns, Signatures, Similarities, Authors, and Derivations
This paper uses known hostile Java applets as an example baseline that could be analyzed and
profiled using path analysis to better understand the algorithms, identify their patterns, and leverage the analysis to identify signatures, similarities, authors, and derivations.
Combining McCabe IQ with Fuzz Testing
Fuzz testing, or fuzzing, is a black-box testing technique that has recently leapt to prominence as a quick and cost-effective method for uncovering security bugs. Fuzzing is able to cover the most exposed and critical attack surfaces in a system and identify common errors and potential vulnerabilities quickly and cost-effectively. Although fuzz testing tools can be remarkably effective, their ability to discover bugs on low-probability program paths is inherently limited. Many current code coverage tools are inadequate and inefficient for vulnerability analysis. This paper details how leveraging static and dynamic path analysis will improve fuzz testing and software security.
Cyclomatic Path Analysis and Security Vulnerabilities
Neither statement nor branch testing is adequate to detect security vulnerabilities and verify control flow integrity. Many exploits can hide in obscure paths and subtrees within a seemingly innocent codebase.
This paper shows how Cyclomatic Path Analysis, on the other hand, detects more security vulnerabilities and errors in your critical applications.
Path Insensitive Insecurity
This paper will show you how using software complexity metrics, measuring control flow integrity, and performing sneak path analysis help you make your applications more secure than previously thought possible.
Measuring Software Complexity to Target Risky Modules in Autonomous Vehicle Systems
M. N. Clark, Bryan Salesky, Chris Urmson: Carnegie Mellon University
Dale Brenneman: McCabe Software Inc.
Corresponding Author: M. N. Clark (clarkmn@cmu.edu)
Tartan Racing developed 300 KLOC that represented over 14,000 modules and enabled our robot car "Boss" to win the DARPA Urban Challenge.
This paper describes how any complex software system can be analyzed in terms of its reliability, its degree of maintainability, and ease of integration using applied flow-graph theory. We discuss several code coverage measurements and why this is important in certifying critical software systems used in autonomous vehicles.
Our paper applies cyclomatic complexity analysis to the winning DARPA Urban Challenge vehicle's software. We show graphical primitives followed by views of modules using those constructs. In this way minimum testing paths are quickly computed and viewed. We argue for customizing evaluation thresholds to further filter the modules to a small subset of those most at risk. This "choosing our battles" approach works well when teams are immersed in a fast-paced development program.
DO-178B and McCabe IQ
This document briefly describes DO-178B and how McCabe Software's McCabe IQ can be used to support the guidelines. It describes the focus of DO-178B, the Tool Qualification process in both general cases and as it relates to McCabe IQ, and the Certification Process.
This document also provides a summary of McCabe IQ functionality, including specific notes about how McCabe IQ can be used to support the guidelines. Several appendices compile relevant notes to provide more information to those who are interested in this process.
This document can help readers become more familiar with DO-178B and with what may be involved in qualifying McCabe IQ for airborne systems projects.
Baseline Code Analysis Using McCabe IQ
This document has been written to provide the answer to three basic questions:
- What is baseline code analysis and why is it important?
- What are the challenges of baseline code analysis?
- How can baseline code analysis with McCabe IQ be used to add value to Development and QA processes?
Improved Testing Using McCabe IQ Coverage Analysis
This document has been written to provide the answer to three basic questions:
- To introduce coverage analysis as an increasingly important direction in the management of software testing
- To describe how the unique coverage analysis techniques available in McCabe IQ can add value to your test processes.
Specifically, this paper covers test assessment and improvement using McCabe IQ coverage analysis in the areas of functional testing, incremental testing, and unit level testing.
McCabe Recommended Approach to Code Reviews
This paper was written to provide the answer to three basic questions:
- What is the function of code reviews in increasing productivity and code quality?
- What is the McCabe approach to code reviews?
- How can McCabe IQ be used to set up an automated code review process?
Metrics & Thresholds in McCabe IQ
A list of all metrics collected in McCabe IQ, including a description and the standard threshold values used.