Blade TOIF

Zero in on cyber-system vulnerabilities

Blade TOIF (Tool Output Integration Framework) is a software vulnerability detection platform. It provides a standards-based environment that integrates the outputs of multiple vulnerability analysis tools into a single uniform view of vulnerability information, with unified reporting. It builds on the OMG Software Assurance Ecosystem standards, Software Fault Patterns (SFPs), and Common Weakness Enumeration (CWE) identifiers.

Highlights

  • Reference implementation of standards-based adaptors
  • Further CWE normalization of vulnerability reports using Software Fault Patterns; adoption of SFPs
  • Adoption of standards-based reporting of vulnerabilities
  • Use of open-source development to advance the software assurance (SwA) space
  • A common protocol for exchanging vulnerability findings
  • Built on an existing standard protocol for exchanging system facts: the OMG Knowledge Discovery Metamodel (KDM), now ISO/IEC 19506

Composite Vulnerability Analysis & Reporting

Blade TOIF’s plug-and-play environment provides a foundation for composite vulnerability analysis by normalizing, semantically integrating, and collating the findings of existing vulnerability analysis tools. Because each tool covers different weakness classes with different precision, the combined view has greater breadth and accuracy than any individual off-the-shelf tool. It also gives developers and security analysts a single environment for analyzing, reporting, and fixing the discovered weaknesses and vulnerabilities.

Seamless Integration

Out of the box, Blade TOIF integrates into the Eclipse development environment and with five open-source vulnerability analysis tools:

  • CppCheck
  • RATS
  • Splint
  • FindBugs
  • Jlint

The Blade TOIF package includes two components: a server (load-build) deployment and a desktop deployment. Results produced on the server can be shared with every subscribed desktop, so the vulnerability analysis tools themselves do not have to be installed on each developer's machine.

Blade TOIF is offered on a per-seat subscription basis.

Blade TOIF Features & Options

TOIF Open Source Software
  • SCA tools run as command lines; results must be manually imported into the Findings Viewer

Blade TOIF Server
  • Targeted to load-build environments
  • SCA tools are run outside the TOIF environment; their results are imported and merged inside TOIF
  • Configurable prioritized reports
  • Export to .tsv format, to view the data in a spreadsheet or import it into Blade TOIF Desktop
  • Default confidence per tool per SFP/CWE

Blade TOIF Desktop
  • Targeted to developers working in the integrated development environment (Eclipse) at the desktop
  • SCA tools are run within the integrated development environment (Eclipse); results are passed automatically to the Report Viewer
  • SCA tools take the compile environment (includes, defines, etc.) from the Eclipse project file/settings
  • Installation wizard and preferences for SCA tool options
  • Thread pooling of some SCA tools
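The composite analysis described in the "Composite Vulnerability Analysis & Reporting" section, together with the per-tool default confidence and .tsv export listed in the features above, as an added example that is not Blade TOIF's own code, adaptors or data model. Two constructed XML documents in the shape of cppcheck and RATS output are parsed by small adaptors; each finding is normalised to a CWE and then to an SFP cluster; findings from different tools at the same file, line and SFP are collated with a per-tool default confidence; and the merged, prioritised list is exported as TSV. The checker-to-CWE and CWE-to-SFP tables, the confidence values, the noisy-OR combination rule and the RATS element layout are all assumptions made for the illustration.

```python
"""Composite analysis sketch: normalise two SCA tools' findings to CWE/SFP,
collate them per location and export a prioritised TSV report.
Added example; not Blade TOIF's code, adaptors or data model."""
import csv
import io
import xml.etree.ElementTree as ET
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample resembling `cppcheck --xml` (format version 2); not real tool output.
CPPCHECK_XML = """<results version="2"><cppcheck version="2.7"/><errors>
<error id="bufferAccessOutOfBounds" severity="error" cwe="788"
       msg="Array 'buf[16]' accessed at index 16, which is out of bounds.">
  <location file="src/main.c" line="12" column="5"/></error>
<error id="uninitvar" severity="error" msg="Uninitialized variable: len">
  <location file="src/main.c" line="30" column="9"/></error>
</errors></results>"""

# Constructed sample approximating `rats --xml`; the element layout is an assumption.
RATS_XML = """<rats>
<vulnerability><severity>High</severity><type>fixed size local buffer</type>
  <message>Stack buffer; verify all writes are bounded.</message>
  <file><name>src/main.c</name><line>12</line></file></vulnerability>
<vulnerability><severity>High</severity><type>strcpy</type>
  <message>Unbounded copy into the destination buffer.</message>
  <file><name>src/main.c</name><line>18</line></file></vulnerability>
</rats>"""

# Adaptor tables. Every mapping below is an illustrative assumption, not TOIF's.
CPPCHECK_TO_CWE = {"bufferAccessOutOfBounds": 788, "uninitvar": 457}  # used when no cwe= attribute
RATS_TO_CWE = {"fixed size local buffer": 120, "strcpy": 120}
CWE_TO_SFP = {120: "SFP8", 788: "SFP8", 457: "SFP1"}                 # CWE -> Software Fault Pattern cluster
DEFAULT_CONFIDENCE = {("cppcheck", "SFP8"): 0.8, ("cppcheck", "SFP1"): 0.7, ("rats", "SFP8"): 0.4}


@dataclass(frozen=True)
class Finding:
    tool: str
    file: str
    line: int
    cwe: int
    sfp: str
    confidence: float
    message: str


def normalise(tool: str, file: str, line: int, cwe: int, message: str) -> Finding:
    """Attach the SFP cluster and the tool's default confidence for that cluster."""
    sfp = CWE_TO_SFP.get(cwe, "unclustered")
    return Finding(tool, file, line, cwe, sfp, DEFAULT_CONFIDENCE.get((tool, sfp), 0.5), message)


def parse_cppcheck(xml_text: str) -> list[Finding]:
    out = []
    for err in ET.fromstring(xml_text).iter("error"):
        loc = err.find("location")
        cwe = int(err.get("cwe")) if err.get("cwe") else CPPCHECK_TO_CWE.get(err.get("id"))
        if loc is None or cwe is None:  # unmappable findings cannot be normalised; skip them
            continue
        out.append(normalise("cppcheck", loc.get("file"), int(loc.get("line")), cwe, err.get("msg", "")))
    return out


def parse_rats(xml_text: str) -> list[Finding]:
    out = []
    for vuln in ET.fromstring(xml_text).iter("vulnerability"):
        cwe = RATS_TO_CWE.get(vuln.findtext("type", ""))
        if cwe is None:
            continue
        for f in vuln.findall("file"):  # one <file> may carry several <line>s
            for ln in f.findall("line"):
                out.append(normalise("rats", f.findtext("name"), int(ln.text), cwe, vuln.findtext("message", "")))
    return out


def collate(findings: list[Finding]) -> list[dict]:
    """Merge findings naming the same file/line/SFP. Collating on the SFP cluster rather than
    the raw CWE lets two tools that chose different CWEs for one defect agree on it."""
    groups: dict[tuple, list[Finding]] = defaultdict(list)
    for f in findings:
        groups[(f.file, f.line, f.sfp)].append(f)
    merged = []
    for (file, line, sfp), fs in groups.items():
        best: dict[str, float] = {}  # one vote per tool: a tool repeating itself adds no evidence
        for f in fs:
            best[f.tool] = max(best.get(f.tool, 0.0), f.confidence)
        miss = 1.0
        for c in best.values():  # noisy-OR combination (assumed scoring rule)
            miss *= 1.0 - c
        merged.append({"file": file, "line": line, "sfp": sfp,
                       "cwes": sorted({f.cwe for f in fs}), "tools": sorted(best),
                       "confidence": round(1.0 - miss, 3)})
    merged.sort(key=lambda m: (-m["confidence"], m["file"], m["line"]))  # prioritised report
    return merged


def to_tsv(merged: list[dict]) -> str:
    """Spreadsheet-friendly export, in the spirit of the .tsv export listed above."""
    buf = io.StringIO()
    w = csv.writer(buf, delimiter="\t", lineterminator="\n")
    w.writerow(["file", "line", "sfp", "cwes", "tools", "confidence"])
    for m in merged:
        w.writerow([m["file"], m["line"], m["sfp"], ";".join(f"CWE-{c}" for c in m["cwes"]),
                    ";".join(m["tools"]), f"{m['confidence']:.2f}"])
    return buf.getvalue()


def run() -> list[dict]:
    return collate(parse_cppcheck(CPPCHECK_XML) + parse_rats(RATS_XML))


if __name__ == "__main__":
    print(to_tsv(run()), end="")
```

With the constructed inputs, src/main.c:12 is reported by both tools under different CWEs (788 and 120) but the same SFP cluster, so it collates into one finding whose combined confidence (0.88) puts it at the top of the report; the single-tool findings at lines 30 and 18 follow. Taking one vote per tool keeps a tool that fires twice on the same line from inflating the score.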