Project Background

The platform software of a globally renowned systems and equipment vendor faces significant challenges in supporting its worldwide clientele, such as highly complex and ever-changing features and the need to simultaneously support a wide range of heterogeneous hardware. To address these issues, the client plans to leverage software architecture and engineering optimization to achieve architectural decoupling, flexible component customization, and automated management of interfaces and dependencies. Combined with the establishment of efficient developer testing processes and a traceable software build system, the client aims to achieve improved software delivery efficiency and quality, and a trustworthy development process.

Consulting Process

Based on the characteristics of the client's software, we analyzed the changes required for the software and tailored the requirements accordingly. Combining requirements for build traceability and testing efficiency, we performed domain modeling with the client’s business experts, decoupling the software into components aligned with different change directions for software, lifecycles, and scales of customization. In parallel, we designed an online modelling configuration for individual hardware boards and a code generation toolchain, helping the client improve development and test efficiency. Then, we led the client’s team in prototyping the new architecture, successfully developing and delivering the core code. In the process, we also helped establish an efficient and traceable software build process, as well as robust developer testing and engineering capabilities.

Collaborative Achievements

The new platform architecture design successfully decouples the software's diverse features from its hardware variations, fulfilling the key requirements for a trustworthy process that is tailorable, traceable, and testable. Moreover, the code refactored according to this new architecture resulted in a 70% reduction in code volume and doubled build efficiency for the same functionality.

Project Background

A world-leading tech firm developing critical software systems was struggling with major security and quality issues, especially vulnerabilities like taint propagation issues, use-after-free (UAF) vulnerabilities, and buffer overflows in a C/C++ environment. The client’s goal was to build a secure coding framework powered by advanced static analysis and a secure programming framework to fundamentally improve code security and resolve critical pain points like high false alarm rates, and inefficient alert analysis. The objective was to achieve robust software security and trustworthiness while maintaining high development efficiency.

Consulting Process

Based on the client's specific software characteristics and their real-world security coding pain points, we conducted an in-depth analysis of the security features of C++ and the design principles of the Rust language, culminating in the design of a comprehensive security enhancement solution for C++. We then tackled the core technical challenges of the static analysis engine, conducting deep research and optimization to support C++'s dynamic features (such as classes and polymorphism) and to handle complex issues like implicit taint propagation. By benchmarking against the design of industry-leading static analysis tools and analyzing the underlying algorithmic architecture of various open-source engines, our team proposed a novel problem-modeling approach and designed an optimization plan tailored to the client's business needs. Leading the client's core team, we completed the development of a foundational C++ security library and its corresponding analysis tool. During this process, the team also optimized the alerting policy, significantly reducing the rate of duplicate alerts and improving the efficiency of manual alert analysis.

Collaborative Achievements

The proposed C++ secure programming framework and static analysis solution are a full year ahead of the rest of the industry, while also effectively eliminating critical vulnerabilities like use-after-free and buffer overflows. On client benchmarks, we achieved a false positive rate of under 15%. This holistic solution not only improved security but also development efficiency and code quality, providing the client with a robust and trustworthy software assurance system.