What security standards does CA 2E follow and uses for code generation?

CA 2E

CA 2E is an application development product.

CA 2E uses IBMi's natively provided language tooling to generate the code.

No 3rd party/open source components are used. Therefore, vanilla code generated by CA 2E is not vulnerable to 3rd party/open source vulnerabilities. Also, using CA 2E, various types of end user applications can be generated for different domains. Due to this, there are no domain specific enhanced security standards implemented in the vanilla code generated by CA 2E.

However, customers take the vanilla code generated by CA 2E as the base and extend it to include security related functionality as per their requirements. Some examples include column level encryption using field procedures, access to Web Services/Web Option over a secure SSL/HTTPS connection, application wide journaling for physical files/tables, object level authorities for restricting/allowing access to data and functions etc.

Value will be in carrying out domain specific testing for the generated application hosted on the production, to verify if it meets the desired security standards.

Broadcom has not received any security related issues from customers until now on the vanilla code generated by CA 2E.

With respect to the scope and nature of the CA 2E product, Broadcom recommends to carry out the additional testing on the generated application. If any security issues are encountered, please contact Broadcom Support so that the impact on the vanilla code generated by CA 2E can be reviewed and appropriate action taken as per Broadcom's support policy.