IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
TrustInSoft unveils fuzzing feature for software security testing
Wed, 1st Nov 2023

TrustInSoft, a leading company specialising in exhaustive C/C++ software source code analysis, has introduced a groundbreaking innovation in software security testing with the launch of the new fuzzing feature for TrustInSoft Analyzer.

This cutting-edge technology combines formal verification with traditional fuzzing techniques, resulting in a more comprehensive and wide-ranging analysis of software security. Unlike traditional fuzzing, TrustInSoft Analyzer takes a unique approach that effectively eliminates false positives and negatives by generating inputs and repurposing them for thorough verification. This high-throughput analysis ensures that software tested with TrustInSoft Analyzer is free from undefined behaviors, as outlined in the CWE Top 25 list. 

This progressive fuzzing feature provided by TrustInSoft offers a mathematically proven 100 percent guarantee of code integrity, establishing it as the most comprehensive bug oracle for testing C/C++ code. This is a significant advantage for developers, embedded software engineers, and product security experts.

This innovative testing technology outperforms the limitations of traditional fuzzing methods. TrustInSoft Analyzer seamlessly integrates formal verification into the fuzzing process, repurposing the generated inputs for deeper analysis. As a result, it ensures that software security verification produces reliable results without false outcomes.

 Fabrice Derepas, the Founder and CEO of TrustInSoft, emphasised the distinction, stating, "While most fuzzing endeavours generate invalid, unexpected, or entirely random data to test a given program in the hope of identifying vulnerabilities in its input verification, our high-volume, high-performance analysis technology achieves much deeper levels of verification. 

"This was previously unattainable, providing a mathematically proven 100 percent guarantee that code tested with TrustInSoft Analyzer will not exhibit undefined behaviours listed in the CWE Top 25," he says.

This new feature ensures the security of fuzzing results across various compilers, compiler options, and memory layouts, making it the sole comprehensive bug oracle for testing C/C++ code. 

Derepas stated, "No other testing tool can offer this unique and innovative capability. Traditional fuzzing tests often overlook undefined behaviours, but with TrustInSoft Analyzer's groundbreaking feature, C/C++ software developers, embedded engineers, and product security experts no longer need to be concerned about these issues."

TrustInSoft's pioneering initiative is poised to have a profound impact on the software testing landscape, setting new standards for comprehensive and flaw-free software product testing. The trust and validated results it provides make it an invaluable asset for stakeholders throughout the technology industry. TrustInSoft's fuzzing feature is a significant step forward in enhancing software security and code integrity, providing a robust solution for identifying vulnerabilities and ensuring the reliability of C/C++ software. As software security becomes an ever more critical concern, TrustInSoft's innovative approach represents a game-changing solution for businesses and developers.