40 years of LDRA

Mission: Safety and Security

Liverpool is not just a British industrial city and the home town of the Beatles, but also home to "Liverpool Data Research Associates", or LDRA for short. Even after 40 years, demand for their product is as great as ever.

From today’s point of view, software was quite simple 40 years ago. What led to the foundation of LDRA at that time?

Mike Hennell: You’re right that in 1975, when I founded LDRA, software in general was simpler. But I had been working as a research assistant, and later a professor, at the University of Liverpool where I was involved in the development of complex numerical algorithms for my nuclear physics research. Obviously, this was software that had to be as reliable and error-free as possible, so I created a software test bed to perform quality assessments to help with this work. People from the industry heard about it and wanted to purchase it. When it became clear that there was a market demand for the tool, I started LDRA. For 40 years we’ve continued our focus on helping developers write the highest quality, most reliable code for safety- and security-critical applications. With my background as an academic, we are strongly research-based and have developed extensive training programs around the world.

With ubiquitous connectivity, safety will no longer be possible without ensuring security. How is LDRA addressing this topic?

Security is not a new thing for us. From the get-go, we have been looking for technical faults that result in failures. Most security breaches stem from people finding technical faults left in a program and exploiting those. Nearly always, if a fault can cause a safety risk, it can be used to exploit the security of an application as well.

Nonetheless, there are now security standards out there such as CERT C and LDRA has added 200 rules to the analysis engine to track for compliance to CERT C – that’s dramatically more than our nearest competitor.

Which new applications demand LDRA’s tools to ensure safe and reliable operation?

The clear hot-buttons in the industry are autonomous vehicles in general, whether they are automotive, aerospace, or defense-related, as well as medical devices where there is a connection to the patient such as infusion pumps and patient monitors. Security is a real concern in these new applications that rely on connectivity to improve their performance and value and which are obvious targets for bad people who want to do bad things.

Why should customers upgrade to version 10 of the LDRA tool suite or why should they consider a trial?

We are very excited about our latest release as it directly addresses a number of requested features from our customers pertaining to security. V10 helps our customers write code that is more secure and ultimately safer by giving them better analysis and insight into their code through a higher level of architectural and data abstraction than was available to them before.

In this release we have further enhanced both our static and dynamic analysis capabilities to help our customers identify more potential security issues before deployment, saving them the cost and effort of having to update their software in the field should problems arise after deployment. Specific capabilities include a more data-centric view of their software so they can truly understand how, where, and even why data is being used.

V10 also enhances our customers’ ability to perform robustness testing on their applications, ultimately making them more resilient to attack, and in the end fundamentally safer. And, as always, from a certification or qualification perspective we continue to enhance our customers’ ability to analyze, visualize, and provide traceability and accountability throughout their secure software development life cycle.