A Source code analysis Toolbox for software security AssuraNCE

Latest news

Stance Press Release


07/09/2016: Please click here to read the press release!

Read More

Frama-C Day 2016


In a society driven by information technologies and communication, the safety and security of software have become crucial challenges. Frama-C is a software analysis platform that enables the design, implementation, and dissemination of formal verification solutions.

Speakers at the Frama-C Day will demonstrate and discuss innovative approaches to software analysis, from both academic and industrial points of views.

In addition to invited presentations, this will be a space for community discussions, updates on new developments, and upcoming projects.

Click here for more details

Read More


Press Release

Commissariat à l’Energie Atomique, France

An Introduction to VeriFast for Java

Jochen Burghardt, Hans Werner Pohl

A Trusted Virtual Security Module

Ronald Toegl, Florian Reimair, Martin Pirker

A Source code analysis Toolbox for software security AssuraNCE

STANCE is a multi-disciplinary initiative with the objective of driving scientific and technological breakthroughs in the domain of software security. Over three years, STANCE will define, implement and validate a set of program analysis tools capable of verifying the security of complex software systems made in C, C++ and Java. STANCE proposes to build on existing assets: formal methods, state-of-the-art static and dynamic program analysis tools, security evaluation expertise, and industry-specific knowledge will be used and significantly extended. The resulting program analysis toolbox and supporting methods will increase the trustworthiness and the cost-effectiveness of existing security-oriented processes. These innovations will durably alter the domain of software security assurance, with broad consequences on its legal, societal, and economic aspects.

More specifically, the objective of STANCE is to define, implement and distribute a toolbox – a set of source code analysis tools – capable of verifying the security properties of applications written in C, C++, and Java. STANCE will rely on existing analysis tools:

  • The Frama-C platform, an extensible and collaborative platform dedicated to the source-code analysis of C software
  • The VeriFast verifier, an analyser for C and Java source code annotated with formulas written in separation logic
  • The Flinder tool, which does injection-based white box security testing, allowing deep inspection of function-level code constructs




STANCE is a project funded by the European Commission, under the ICT theme of the Seventh Framework Programme