Using GrammaTech CodeSentry and CodeSonar to improve Software Security and comply with IEC 62443


To develop secure code free of vulnerabilities, suppliers are increasingly following a secure development lifecycle. The IEC 62443-4-1 standard (Security for industrial automation and control systems Part 4-1: Secure product development lifecycle requirements) defines specific requirements for using a secure development lifecycle in the design, implementation, maintenance and testing of products used in industrial automation and control systems. GrammaTech’s CodeSentry and CodeSonar tools can be used to help suppliers comply with this standard.

Two major contributors to security vulnerabilities found in products today are implementation weaknesses in programs written in languages such as C and C++, and the use of Third Party Software (TPS). The CodeSentry and CodeSonar tools can address both of these issues.

This document introduces common causes of security vulnerabilities, including implementation weaknesses in programming languages and TPS. In addition, it describes TPS types and TPS-specific security challenges, and provides guidance on how to use the GrammaTech CodeSentry and CodeSonar tools in a workflow to select and manage TPS and overall product security.