Samsung has reportedly invested $10 million in SVACE (Security Vulnerabilities and Critical Errors Detector) technology to improve security of Tizen apps. This technology detects potential vulnerabilities and errors that might exist in the source code of Tizen apps.
SVACE was developed by ISPRAS (Institute for System Programming of the Russian Academy of Sciences), which is based out of Russia. Samsung has entered into an agreement with the Institute, but ISPRAS will retain full rights to the intellectual property rights. However, Samsung can use the technology freely as its funder. According to Marat Guriev, general director for technology and information services at Samsung Electronics Russia, the company began using it as its only tool to analyze the source code of apps since 2015.
Samsung has included SVACE as a part of the Tizen Static Analyzer in the Tizen SDK and Studio. It can be used to perform a static security analysis of C/C++ source code in Tizen apps. However, it can also be used to find problems such as dereference of Null Pointers, Memory Leaks, Division by Zero, and Double Free in C, C++, C#, and Java code.
