
PW.6.2 Determine which compiler, interpreter, and build tool features should be used and how each should be configured, then implement and use the approved configurations.


>Control Description

Determine which compiler, interpreter, and build tool features should be used and how each should be configured, then implement and use the approved configurations.

>Practice: PW.6

Configure the Compilation, Interpreter, and Build Processes to Improve Executable Security

Decrease the number of security vulnerabilities in the software and reduce costs by eliminating vulnerabilities before testing occurs.

>Notional Implementation Examples

  1. Enable compiler features that produce warnings for poorly secured code during the compilation process.
  2. Implement the “clean build” concept, where all compiler warnings are treated as errors and eliminated except those determined to be false positives or irrelevant.
  3. Perform all builds in a dedicated, highly controlled build environment.
  4. Enable compiler features that randomize or obfuscate execution characteristics, such as memory location usage, that would otherwise be predictable and thus potentially exploitable.
  5. Test to ensure that the features are working as expected and are not inadvertently causing any operational issues or other problems.
  6. Continuously verify that the approved configurations are being used.
  7. Make the approved tool configurations available as configuration-as-code so developers can readily use them.
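As an added example (not part of this page or of NIST's SSDF material), a small audit that ties items 2, 4, 6 and 7 together: the approved GCC/Clang flags are kept as code, and every entry of a project's compile_commands.json is checked against them so drift from the approved configuration is caught on each build. The flag sets, file names and sample database are hypothetical choices made for illustration.

```python
import json
import shlex

# Approved compiler configuration, kept as code so it can be versioned with
# the project (hypothetical policy chosen for this example).
REQUIRED_FLAGS = {
    "-Wall", "-Wextra", "-Werror",     # warnings on and treated as errors
    "-fstack-protector-strong",        # stack canaries
    "-D_FORTIFY_SOURCE=2",             # checked libc wrappers (needs -O1 or higher)
    "-fPIE",                           # position-independent code so ASLR applies
}
FORBIDDEN_FLAGS = {
    "-fno-stack-protector",            # disables the canaries required above
    "-w",                              # silences every warning
    "-Wno-error",                      # undoes the clean-build rule
}


def audit_command(entry):
    """Return a list of violations for one compile_commands.json entry."""
    # Entries carry either an "arguments" list or a single "command" string.
    args = entry.get("arguments") or shlex.split(entry["command"])
    flags = set(args[1:])              # drop the compiler executable itself
    missing = sorted(REQUIRED_FLAGS - flags)
    forbidden = sorted(FORBIDDEN_FLAGS & flags)
    violations = [f"{entry['file']}: missing {f}" for f in missing]
    violations += [f"{entry['file']}: forbidden {f}" for f in forbidden]
    return violations


def audit_compile_db(db_json):
    """Audit a whole compile_commands.json document; returns all violations."""
    violations = []
    for entry in json.loads(db_json):
        violations.extend(audit_command(entry))
    return violations


# Constructed sample database: one compliant entry and one that drifted.
SAMPLE_DB = json.dumps([
    {"directory": "/src", "file": "main.c",
     "command": "cc -Wall -Wextra -Werror -fstack-protector-strong "
                "-D_FORTIFY_SOURCE=2 -fPIE -O2 -c main.c"},
    {"directory": "/src", "file": "legacy.c",
     "arguments": ["cc", "-Wall", "-w", "-fno-stack-protector", "-O2", "-c", "legacy.c"]},
])

if __name__ == "__main__":
    for violation in audit_compile_db(SAMPLE_DB):
        print(violation)
```

Running the audit in CI and failing the build on a non-empty result is one way to implement the "continuously verify" step, since the check then runs on every change rather than only when someone remembers to look.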

>Cross-Framework References

Mappings to related frameworks and standards from NIST SP 800-218

BSA FSS

DE.2-3
DE.2-4
DE.2-5

BSIMM

SE2.4
SE3.2

CNCF SSCP

Securing Build Pipelines—Verification
Automation

EO 14028

4e(iv)
4e(ix)

IEC 62443

SI-2

NIST IR 8397

2.5

Microsoft SDL

8

OWASP ASVS

14.1
14.2.1

OWASP MASVS

7.2

PCI SSLC

3.2

SAFECode Agile

Operational Security Task 8

SAFECode FPSSD

Use Current Compiler and Toolchain Versions and Secure Compiler Options

SAFECode SIC

Vendor Software Development Integrity Controls

SP 800-53

SP 800-161

SA-15
SR-9

SP 800-181 (NICE)

K0039
K0070
