Prism Issue Classification and the Rules and Instance Knowledgebase

What it is

A programmable classification system for code quality and security issues, a set of interpretive statements that define what to do if a specific issue is encountered and a database repository for tracking, storing and reporting both new and historical issues, remediation information and exploitation triggers.

What it does

Enables Prism to perform unique and specific source code quality testing operations. First, issue detection output is compared against the Prism knowledgebase and/or a customer-specific database of software quality issues and rules.

Figure 2 - The Reflective Knowledgebase

Library and real code instances are included in the knowledgebase to help educate developers and answer specific questions about the issues themselves. Knowledgebase information is derived from multiple sources spanning several public and private organizations, university research labs and libraries. As Prism tests and records issues in code, Reflective researchers assess the findings and add the appropriate ones to the knowledgebase. New knowledgebase updates are immediately “pushed” to every Reflective customer. At their discretion, the customer can choose to accept, reject or archive each knowledgebase update.

Why it matters

The rules, issues and knowledgebase enable Reflective to quickly and continually improve the quality of Prism’s output. Essentially, the more code that is run through Prism, the smarter the rule set gets. Moreover, as new issues are identified (whether by the customer, by public sources or by Reflective), the knowledgebase can be updated immediately. This is an important advantage over seat-license software tools, which rely on the next release cycle to improve their rules. Instant rule updating is a unique feature of the Prism technology.

Most important is that Prism recognizes that not all issues are of equal importance to all companies or all departments. What a security analyst wants to test for can differ from what a QA engineer or the development group manager wants to know. With Prism, the customer can set their own baselines and create customer- or department-specific rule templates. This enables the customer to use Prism to examine the enterprise code base for issues that are of specific interest to the Prism user or to the company as a whole. Prism’s ability to filter issues on reports or change rules based upon a specific user need is a unique advantage of Reflective's technology.