CWE

Common Weakness Enumeration

A community-developed list of software and hardware weakness types


Name of Your Organization:

Suresoft Technologies Inc.

Web Site:

http://www.suresofttech.com

Compatible Capability:

CodeScroll Code Inspector

Capability home page:

http://www.suresofttech.com/products/code-inspector/

General Capability Questions

Product Accessibility

Provide a short description of how and where your capability is made available to your customers and the public(required):

CodeScroll Code Inspector is licensed software; we ship the product package under contract. After the customer installs our tool on their computer, they can obtain a valid license on request.

Mapping Questions

Map Currency Indication

Describe how and where your capability indicates the most recent CWE content used to create or update its mappings(required):

CodeScroll Code Inspector embeds an explanation of the mapping between CWE IDs and the defects it can detect. This explanation is provided as a view in CodeScroll Code Inspector (see Figure 1). The CWE version information is shown in Figure 1.

Figure 1 CWE Version Information in a view of Rule description

Map Currency Update Approach

Indicate how often you plan to update the mappings to reflect the current CWE content and describe your approach to keeping reasonably current with the CWE content when mapping them to your repository (recommended):

Every time we release a new official version of CodeScroll Code Inspector, we update all the CWE mappings. Normally we release two or three new versions a year, and these are official periodic releases. We check all changes in the CWE compared with the older version and update all CWE mappings in our tool. During the release process, an independent Quality Assurance team is involved in checking the currency of the CWE version.

Map Currency Update Time

Describe where and how you explain to your customers when they should expect updates to your capability's mappings to reflect newly available CWE content (required):

We explain verbally that the CWE mapping will be updated with every official release, and that official releases occur two or three times a year.

Documentation Questions

CWE AND COMPATIBILITY DOCUMENTATION

Provide a copy, or directions to its location, of where your documentation describes CWE and CWE compatibility (required):

CodeScroll Code Inspector provides online documents about CWE and CWE mapping, which are embedded in our tool. Users can find a link to the CWE description in the online help of our tool (see Figure 2). Through the link they can reach the description page of the CWE program.

Figure 2 CWE Menu and CWE description in online help

Documentation of Finding Elements Using CWE Identifiers

Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the specific details of individual security elements in your capability's repository using CWE identifiers (required):

CodeScroll Code Inspector provides a description of CWE in the online help, so users can use the search function by pressing "Ctrl-F" in the online help. With a CWE-ID they can search for the relevant description and find the mapping information between the CWE-ID and the capability's elements (see Figure 3).

Figure 3 CWE mapping table

DOCUMENTATION OF FINDING CWE IDENTIFIERS USING ELEMENTS

Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CWE identifiers associated with individual security elements in your capability's repository (required):

Please refer to the answer to .

Documentation Indexing of CWE-Related Material

If your documentation includes an index, provide a copy of the items and resources that you have listed under "CWE" in your index. Alternately, provide directions to where these "CWE" items are posted on your web site(recommended):

N/A.

Type-Specific Capability Questions

Tool Questions

FINDING TASKS USING CWE IDENTIFIERS

Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CWE identifier(required):

Once CodeScroll Code Inspector has found a potential problem (we call it a "defect"), users can see the relationships between defects and CWE-IDs with the following steps.

  1. In the "Defect Explorer" view, enter the CWE-ID in the search box (see Figure 4 (1)).
  2. Check the defects associated only with the given CWE-ID (see Figure 4 (2)).
  3. Select a defect in the list above. You can then see the related rule description in the "Rule Description" view
    (Figure 4 (3)). You can also find a link to the detailed description of the related CWE entry on the CWE home page.

Figure 4 How to look for CWE-IDs

Finding CWE Identifiers Using Elements in Reports

Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows users to determine the associated CWE identifiers for the individual security elements in the report (required):

The proprietary rule IDs provided by CodeScroll Code Inspector are the same as the CWE IDs. Therefore users can find the CWE ID in the "Rule" column of the "Violation Details" view.

Figure 5 How to find CWE-IDs in the result view

GETTING A LIST OF CLAIMED CWE IDENTIFIER COVERAGE

Give detailed examples and explanations of how a user can obtain a list of all CWE identifiers that the owner claims the tool is effective at locating in software (required):

A complete table of CWE Coverage information is available on the Suresoft Technologies website:

Providing Claimed CWE Identifier Coverage Using CCR

Give detailed examples and explanations of how a user can find the Coverage Claims Representation (CCR) XML document with all CWE identifiers (recommended):

CodeScroll Code Inspector does not yet provide a CCR XML document.

Getting a List of CWE Identifiers Associated with Tasks

Give detailed examples and explanations of how a user can obtain a list of all CWE identifiers associated with the tool's tasks (recommended):

N/A.

Selecting Tasks Using a List of CWE Identifiers

Describe the steps and format that a user would use to select a set of tasks by providing a file with a list of CWE identifiers(recommended):

N/A.

SELECTING TASKS USING INDIVIDUAL CWE IDENTIFIERS

Describe the steps that a user would follow to browse, select, and deselect a set of tasks for the tool by using individual CWE identifiers(recommended):

N/A.

Non-Support Notification for a Requested CWE Identifier

Provide a description of how the tool notifies the user that a task associated with a selected CWE identifier cannot be performed (recommended):

N/A.

Media Questions

ELECTRONIC DOCUMENT FORMAT INFO

Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CWE-related text(required):

CodeScroll Code Inspector provides two different types of online documents that contain CWE-related text. One is the online help. It provides a "CWE" menu item in its contents (see Figure 6), where you can find the CWE mapping table (see Figure 7).

Figure 6 Online help

Figure 7 CWE mapping in online help

The other is the online rule description. Users can find the rule IDs, which are the same as the CWE-IDs, and links to the CWE-related descriptions in the online rule description (see Figure 8).

Figure 8 Online rule description and CWE-related link

ELECTRONIC DOCUMENT LISTING OF CWE IDENTIFIERS

If one of the capability's standard electronic documents only lists security elements by their short names or titles, provide example documents that demonstrate how the associated CWE identifiers are listed for each individual security element (required):

Please refer to the answer to .

Electronic Document Element to CWE Identifier Mapping

Provide example documents that demonstrate the mapping from the capability’s individual elements to the respective CWE identifier(s)(recommended):

Please refer to the answer to .

Graphical User Interface (GUI) Questions

Finding Elements Using CWE Identifiers Through the GUI

Give detailed examples and explanations of how the GUI provides a "find" or "search" function for the user to identify your capability’s elements by looking for their associated CWE identifier(s)(required):

Please refer to the answer to .

GUI ELEMENT TO CWE IDENTIFIER MAPPING

Briefly describe how the associated CWE identifiers are listed for individual security elements, or discuss how the user can use the mapping between CWE identifiers and the capability's elements; also describe the format of the mapping (required):

Please refer to the answer to . In addition, in the tool's Preferences menu, users can check the CWE-ID under the "Global Rules" item.

Figure 9 CWE-ID in the global rule description

GUI EXPORT ELECTRONIC DOCUMENT FORMAT INFO

Provide details about the different electronic document formats that you provide (recommended):

Please refer to the answer to .

Signature Questions

Statement of Compatibility

Have an authorized individual sign and date the following Compatibility Statement (required):

"As an authorized representative of my organization, I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Seunguk Oh

Title: Chief Technical Officer

STATEMENT OF ACCURACY

Have an authorized individual sign and date the following Accuracy Statement (recommended):

"As an authorized representative of my organization, I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Seunguk Oh

Title: Chief Technical Officer

Statement on False Positives and/or False Negatives

FOR TOOLS AND SERVICES ONLY — Have an authorized individual sign and date the following statement about your tool's efficiency in identifying security elements (required):

"As an authorized representative of my organization, I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."

Name: Seunguk Oh

Title: Chief Technical Officer

Page Last Updated: April 02, 2018