An electrical corporation hired DMC to be their third-party cybersecurity code reviewer. DMC provided the necessary checks of all source code for their LabVIEW application to ensure that the code met a high standard for quality and integrity.
DMC used a combination of manual inspection, LabVIEW VI Scripting, and VI Analyzer to inspect and flag each VI. For example, VI Scripting identified all password-protected VIs. This ensured that a malicious actor did not conceal insecure code in the client’s project. Custom VI Scripts were also written to identify the use of system calls and external libraries, in order to ensure that the application was not accessing other code on the system at runtime.
LabVIEW VI Analyzer is a LabVIEW software add-on that performs static analysis and can be customized for automated code review. LabVIEW VI Analyzer runs diagnostics checking for violations of LabVIEW code best practices. Violations of best practices can conceal insecure LabVIEW code since its graphical nature allows code to be visually obscured or otherwise hidden. Once the LabVIEW VI Analyzer identifies suspicious code, manual inspection can be used to thoroughly investigate.
DMC’s own LabVIEW code also leverages VI Analyzer to provide quality feedback. This enforces our in-house coding style and best practices, ensuring that subsequent in-person code reviews are efficient and targeted toward application-specific requirements.
DMC was a good fit for this project because of the number of Certified LabVIEW Architects we have on staff. Although all code was developed by the client, the expertise of our CLAs provided an in-depth understanding of LabVIEW software architecture, the LabVIEW runtime, VI Scripting, VI Analyzer, best practices, and potential vulnerabilities.
DMC also provided extensive documentation capturing the results of the code review. This included screenshots, descriptions of potential vulnerabilities, and mitigation paths. The documentation provided actionable information for improving the reviewed software as well as any future code.
Learn more about DMC's LabVIEW Programming Expertise and our partnership with NI.