
Code Score Matrix: Your Business Card for Software Quality and Security

  • Download now and start scanning!

The alternative to software certification – The TÜViT software check


Are you a manufacturer of an IoT device and would like to objectively prove that the software used in it is secure? With the Code Score Matrix we make the software quality and security of your product visible in a unique quality label.

TÜViT’s fully automated software check is based on a Code Sensor that identifies potential vulnerabilities and measures the degree of fragmentation of the source code. These are visualized in the form of the Code Score Matrix, a meaningful test label confirming the code quality in your IoT device.

Curious how our software check works?

Simply select an IoT sample code & drag it onto the matrix generator while holding down the mouse button. In a few seconds you will get the result matrix!


How do I interpret the Code Score Matrix?

Source code is structured in directories by default. For each of these directories, our Code Sensor calculates the respective code size, as well as the density of potential security deficits. The determined code metrics are visualized in the form of the Code Score Matrix.
  

The larger a rectangle displayed within the Code Score Matrix, the more examined code is located in the respective directory.

  

The color indicates how many potential security deficits have been detected in a directory in relation to the code size and ranges from green (few) to red (many).


  

Sample interpretations

Example 1

Good modularization of the source code with few critical positions.

Example 2

Poor modularization of the source code with a high density of potential security deficits overall.

Example 3

Extensive software project with an accumulation of potential defects in an individual area.

Example 4

Good source code quality overall.

  

Have we awakened your interest? If so, start now with the Code Score Matrix.

  

FREE VERSION
  

Acquire an overview 

Scan your source code with our Code Sensor and acquire an initial visual impression of the quality and security of your code.

To the start: the free version
  • Can be executed on all common Windows 10 (64-bit) systems without installation
  • Scans C/C++ code for over 50 different error classes
  • Scans several million lines of code in a few hours by means of parallel scanning processes
  • Detects hotspots and potential vulnerabilities in the source code
  • Result processing in the form of the Code Score Matrix, carried out via the TÜViT website

VIP VERSION
  

+ Extensive test report

We create an accurate test report for your quality assurance. In this report, all of the analysis results are listed in detail.

+ Label for promotional use

Our informative label makes it clear at a glance: this software has quality. Advertise now with our label to stay ahead of the competition.

More options: the VIP version
  • Can be executed on all common Windows 10 (64-bit) systems without installation
  • Scans C/C++ code for over 50 different error classes
  • Scans several million lines of code in a few hours by means of parallel scanning processes
  • Detects hotspots and potential vulnerabilities in the source code
  • Result processing in the form of the Code Score Matrix
  • Results file of the VIP version contains detailed analysis results for code improvement
  • Informative label for promotional use that confirms the quality and security of your software
  • Label may be integrated into your company’s own corporate design in accordance with the terms of use

It’s as simple as this: to the Code Score Matrix in just 4 steps

FREE VERSION


Download our Code Sensor here.

Scan the source code that you would like to check.

Save the results file with the analysis of your source code.

Drag & drop the results file with the mouse onto the Matrix Generator at the top of this page & get your Code Score Matrix.

VIP VERSION


Download our Code Sensor here.

Scan the source code that you would like to check.

Save the results file with the analysis of your source code.

Send the analyzed file to us. We will send you a detailed test report and our label for promotional use.

Your benefits at a glance

Quality at first sight

With our scoring system, you can objectively prove the quality and security of your software.

Gaining trust

Convince your customers with the software check of a globally recognized testing services provider.

Becoming better & visible

Make the continuous improvement process of your software visible with the Code Score Matrix.

In the sprint to the test result

The Code Sensor is completely automated. This ensures speed and fast test results.

Wide range of tests

Scans C/C++ code for over 50 different error classes.

A sure thing

The actual scanning process is carried out in your own IT environment. Your source code never leaves your premises.

Testing as a service (TaaS)

Directly to the test result without any software selection, license procurement or training.

Millions of lines of code

Scans several million lines of code in a few hours through parallel scanning processes.

Security by Design

Detect hotspots, potential vulnerabilities and fragmentation in good time.

Frequently asked questions:

Why is software quality testing important?

Flawed or vulnerable software products not only cause downstream costs, but also damage a company's reputation in the long run. For this reason, quality assurance is of crucial importance in software development.

I would like to analyze my code – and I want to do it for free. What are the next steps?

Download the free demo version here and follow the enclosed instructions.

How is my code protected during testing?

The Code Sensor scans your code in your development environment. This is even possible offline. Subsequently, you only send the results file and some product details to us. The results file contains detailed information about the potential vulnerabilities found. These details may include limited information about the functions and data entities covered by the code. In the free version, the generation of the Code Score Matrix from the results file is carried out directly in the browser.

Which error classes are detected?

Our Code Sensor scans C/C++ code for over 50 different error classes in the areas of buffer overflow, integer overflow, cryptography, null pointer dereferencing, uninitialized variables, double frees, format string problems, race conditions, memory leaks, command injection, library injection, use of problematic APIs – and many more.

What are the technical system requirements?

The Code Sensor is a portable Windows application. You require at least Windows 10 (x64, 64 bit). Windows 7 and older, 32-bit versions and ARM are not supported. There is no need to have a build environment for the code to be investigated. The technical system requirements can be easily tested by running our demo version.

Hooray, my matrix is green! How does this help me?

You will receive a TÜV label with which you can advertise internationally.

In my matrix, some of the areas are red. What now?

You have discovered your security hotspots. We help you to improve your code!

Is the Code Score Matrix an alternative to certification according to ISO 25010?

In contrast to ISO 25010, the Code Score Matrix works directly on the source code and measures quality and security features in a fully automated way. The Code Score Matrix is therefore more comparable to an analysis according to ISO 5055. However, the Code Score Matrix analyzes the source code at the module level with a focus on security. ISO 5055, on the other hand, analyzes the code at the application level in the four categories of maintainability, performance efficiency, reliability, and security. Would you like to investigate other aspects besides security? If so, please contact us!

Your individual Code Matrix still contains red areas?

You are dissatisfied with the result of the analysis? If so, first take a look at the individual detailed report. Here you will find an individual listing of the findings. Upon request we can also support you with the detailed analysis. We will be pleased to provide you with a non-binding offer for this.