The Code Score Matrix: The innovative route to TÜV-tested quality & security for your software

How good is your code quality? Try it now for free!

Quick, simple, uncomplicated – the cheaper alternative for software certification

Whether for smart home systems, enterprise applications or IoT devices: TÜVIT’s fully automated software check for your C/C++ source code is based on a code sensor that determines potential vulnerabilities and the degree of fragmentation of the source code. These are visualized in the form of the Code Score Matrix, a meaningful test label confirming the quality of your code.
  

Scans C/C++ source code for over 50 different error classes

Scans for over 50 different error classes, such as buffer overflow, integer overflow, cryptography and many more.
  

More attention for your product thanks to a high-value test label

Our scoring system acts as a high-visibility exclamation point to highlight the quality and security of your software.
  

TÜVIT represents top quality with over 25 years of experience

TÜV Informationstechnik (TÜVIT) is 100 percent focused on IT security. It is a part of our DNA – and has been since 1995.
  

Our unique quality label: Show how good & secure your code quality is!

How you benefit from using the Code Score Matrix

  

Convince your customers
Gain their trust with the software check from a globally recognized testing services provider.

Security by Design
Detect hotspots, potential vulnerabilities and fragmentation at an early stage.

Make your optimization visible
Use the Code Score Matrix to make the continuous improvement process of your software visible.

Sprint to the test result
The code sensor is fully automated. This ensures speed and quick test results.

Your source code stays with you
The actual scanning process is carried out in your own IT environment. Your source code never leaves your premises.*

Millions of lines of code in a few hours
Scans several million lines of code in a few hours by means of parallel scanning processes.

No additional expenditures
Testing as a Service (TaaS): No need for software selection, license acquisition or training.

Scans for over 50 different error classes
Scans for over 50 different error classes, such as buffer overflow, cryptography and many more.

*  When using the Professional version, you only send the results file and some product details to us. The results file contains detailed information about potential vulnerabilities found. This may include limited information about affected functions and data entities in the code. In the free version, the Code Score Matrix is generated directly in the browser.

How do I interpret the Code Score Matrix?

Source code is structured in directories by default. For each of these directories, our Code Sensor calculates the respective code size, as well as the density of potential security deficits. The determined code metrics are visualized in the form of the Code Score Matrix.
  

The larger a rectangle displayed within the Code Score Matrix, the more examined code is located in the respective directory.

  

The color indicates how many potential security deficits have been detected in a directory in relation to the code size and ranges from green (few) to red (many).


  

When is it permitted to use the Code Score Matrix as a marketing tool?

UNSATISFACTORY

Poor modularization of the source code with a high density of potential security deficits overall.

Promotional use of the Code Score Matrix is not possible.

ADEQUATE

Good modularization of the source code with few critical points.
  

Promotional use of the Code Score Matrix is not possible.

EXCELLENT

Overall very high source code quality in relation to all error classes tested for security and quality characteristics.

Promotional use of the Code Score Matrix is permitted.


Overview of Code Score Matrix versions

Code Score Matrix Free

Acquire an initial impression of the quality and security of your code.

Simple: No installation required
Runs without installation on Windows 10 (64 Bit) systems.

Comprehensive: Scans for over 50 different error classes.
Applicable to C/C++ code.

High-quality: Detects hotspots and potential vulnerabilities in the source code.

Fast: Fully automated and parallel scanning processes.
Scans several million lines of code in just a few hours.

Secure: Source code is not transmitted.
Your source code is never transmitted and is only tested in the local environment.

Results: Code Score Matrix Light.
This is generated without the source code via the TÜVIT website and without a test report.

  

Your source code does not leave your company. 
Windows 10 (64 bit)
 


  

Code Score Matrix Professional

Advertise with the quality of your code and gain valuable tips regarding vulnerabilities and optimizations.

All functions of the free version, plus:

Comprehensive test report
We create a precise test report for your quality assurance containing all detailed analysis results. The results file contains detailed information about vulnerabilities found. This may include limited information about affected functions and data entities in the code.

Code Score Matrix marketing label
Informative label for promotional use, confirming the quality and security of your software.

Integration into your corporate design
Label may be integrated into your company’s own corporate design in accordance with the terms of use.

Starting point for further code optimization 
Results of the code testing serve as an ideal starting point for further code optimization and customized follow-up projects.

  

Benefit from recognized TÜV quality. 
Windows 10 (64 bit)

  


FAQ - Frequently asked questions:

What are the technical system requirements?

The Code Sensor is a portable Windows application. You require at least Windows 10 (x64, 64 bit). Windows 7 and older, 32-bit versions and ARM are not supported. There is no need to have a build environment for the code to be investigated. The technical system requirements can be easily tested by running our demo version.

Which error classes are detected?

Our Code Sensor scans C/C++ code for over 50 different error classes in the areas of buffer overflow, integer overflow, cryptography, null pointer dereferencing, uninitialized variables, double frees, format string problems, race conditions, memory leaks, command injection, library injection, use of problematic APIs – and many more.

Is the Code Score Matrix an alternative to certification according to ISO 25010?

In contrast to ISO 25010, the Code Score Matrix works directly on the source code and measures quality and security features in a fully automated way. The Code Score Matrix is therefore more comparable to an analysis according to ISO 5055. However, the Code Score Matrix analyzes the source code at the module level with a focus on security. ISO 5055, on the other hand, analyzes the code at the application level in the four categories of maintainability, performance efficiency, reliability, and security. Would you like to investigate other aspects besides security? If so, please contact us!

 

Do you still have questions? Our expert will be pleased to help you!

  


Eric Behrendt
TÜVIT product specialist

+49 160 8880296
e.behrendt@tuvit.de