TrustInSoft unlocks advanced software verification

TrustInSoft Analyser adds formal verification to the fuzzing process by taking generated inputs and repurposing them to conduct deeper analyses, which catches problems that traditional fuzzing does not. The result is software security verification with no false positives or negatives.

“Most fuzzing attempts to generate invalid, unexpected, or completely random data to feed a given program in the hope of discovering any holes in its input verification. The aim is to detect situations when a program accepts an invalid input as valid when it actually shouldn’t,” said Derepas. “Our high-performance, high-volume analysis technology achieves much deeper levels of verification, which were not previously possible. As a result, we offer a mathematically provable 100% guarantee that code tested with TrustInSoft Analyser will contain none of the undefined behaviours that are included in the CWE Top 25 classification list.”

TrustInSoft’s powerful new fuzzing feature guarantees that fuzz testing results are valid for any compiler, any chosen set of compiler options and any memory layout, making it the only comprehensive bug oracle for testing C/C++ code available today.

“This is a unique and innovative capability that no other testing tool can provide,” said Fabrice Derepas, Founder and CEO of TrustInSoft. “Traditional fuzzing tests often miss undefined behaviours, but that needn’t be an issue for C/C++ SW developers, embedded software engineers or product security experts any longer.”