As part of its security measures, Samsung are using the SVACE technology (Security Vulnerabilities and Critical Errors Detector) to detect potential vulnerabilities and errors that might exist in source code of applications created for the Tizen Operating System (OS). This technology was developed by ISP RAS (Institute for System Programming of the Russian Academy of Sciences), who are based in Moscow, Russia.
The Information was disclosed by Arutyun Avetisyan, director of ISP RAS, and Marat Guriev, general director for technology and information services at Samsung Electronics Russia. According to Avetisyan Arutyun and Marat Guriev, Samsung have invested more than $10 million in the development of this technology. Samsung have entered into an agreement with ISP RAS, but ISP RAS will still retain full rights to the intellectual property rights of SVACE and Samsung, as its funder, will have free use of it. Marat Guriev has also disclosed that Samsung has begun using this as its only tool to analyze the source code of applications since 2015.
The solution is applied as part of the Tizen Static Analyzer tool that is included in the Tizen SDK and Studio. Using this tool you can perform Static security analysis of the Tizen apps native C / C ++ source code and discover any issues that they might have. The tool helps discover a wide range of issues at compilation time, such as the dereference of Null Pointers, Memory Leaks, Division by Zero, and Double Free etc.
Arutyun Avetisyan states that a programmer can make up to 20 mistakes (on average), if you are writing 1000 lines of code. But Svace analyzes the code written in C, C++, C# and Java and allows you to dramatically reduce the number of errors, and potential vulnerabilities that can be exploited by a potential hacker. Applications that have been analyzed using this method are then found to be more stable, secure and suffer less from memory leaks, resource issues and potential vulnerabilities in the future.
Related News
