Secure Water Networks with CodeSonar
LACROIX Sofrel is a specialist in the design and construction of telemetry and SCADA (supervisory control and data acquisition) products for district metering and leak detection on water supply networks.
“Following ASPICE guidance and proving it with CodeSonar helps us ensure we are developing quality software. CodeSonar enables Meet Automotive to deliver quality products and meet safety and security requirements”
CEO of IBM BACC
LACROIX Sofrel Partners with GrammaTech to Secure Water Networks
Partnering with the biggest contract operators of water and heating networks of local and regional authorities in France since its creation in 1971, LACROIX Sofrel is now hailed as the French market leader in telemetry and SCADA. A subsidiary of the LACROIX Industrial Group (with 4,000 employees) and leveraging extensive research and development resources, LACROIX Sofrel offers the guarantee of a sustainable company.
Many installations all over the world testify to its experience in numerous fields of application: water distribution, wastewater treatment, irrigation, heating, air conditioning, refrigeration, gas, electricity, etc.
Organized in skill clusters, LACROIX Sofrel’s design and engineering department masters all the technologies used in telemetry and SCADA networks, such as acquisition, communication, process control, consumption, etc. LACROIX Sofrel develops its entire range of products in-house with two objectives – innovation and quality – to offer the most advanced and sustainable functionalities.
LACROIX Sofrel products are used in very demanding environments, where crashes, bugs, and security vulnerabilities are not tolerated. In the design and engineering department, we need to be sure that the products sold will perform their duties, without requiring maintenance. With each product failure, users may have issues with their water network.
Today, new challenges are facing us. The freshwater supply is a critical resource and a likely target of cyberattacks, and as such we have to protect our products against these new risks. To ensure the constant quality and security improvement of LACROIX products, we implement the most modern quality methods throughout the hardware and software development lifecycle stages.
As part of our quality, safety, and security initiatives, we needed a product to ensure that software written by our developers is of high quality and this needed to be checked immediately during development. We also required a tool that is practical, easy to use, usable by all developers, and implements the latest software coding standards, such as MISRA C, used on some of our projects.
After a benchmark of many available solutions, we came to the conclusion that GrammaTech CodeSonar is the best possible solution for our needs. CodeSonar allows us to achieve analysis and remediation in a short amount of time. The cause of warnings is presented in detail, with execution path traces from root cause to warning location, making them understandable and easier to solve. The categorization and severity of warnings permit fast decision-making about when to solve the warning (immediately or later).
An example of how CodeSonar delivers value is how it prevented a serious issue that was introduced during software development. A particular code change had introduced a buffer overrun that could be triggered by external input.
This could have easily led to a security vulnerability. Luckily, before delivering the software to clients, CodeSonar detected this error and it was resolved quickly and efficiently.
Our team appreciates working with the CodeSonar server and web portal, a.k.a. the “Hub”. It permits the annotation of warnings without touching the source code. User and permission management are also very easily managed through the Hub.
CodeSonar is integrated into our automation process implemented in Jenkins. This integration allows the team to be sure that code modifications don’t break our software quality guidelines while reducing this time-consuming task for the developers. CodeSonar is a tool that, over time, has managed to take an important role in our software development process and has earned a good reputation with our developers.