Latest Content

The global increase in connectivity and reliance on software is opening doors to exploits daily. Software quality and security are more important now than ever before.

  • CodeSonar Binary Analysis External Library Demonstration

    INTRODUCTION: Static analysis is an important part of developing high quality software. It finds problems before code is even testable - problems that may get overlooked during...

    Read Article
  • The Role of Static Analysis in a Secure Software Development Lifecycle

    INTRODUCTION: "When should static analysis be applied?" The answer to this question is fairly straightforward: "whenever code is being developed." This, however, is a simplification....

    Read Article
  • GrammaTech Named to 50 Most Promising IoT Solution Providers

    GrammaTech, a leading developer of software-assurance tools and advanced cyber-security solutions, was named to CIO Review Magazine’s list of 50 Most Promising IoT Solution Providers of...

    Read Article
  • Protect Your Software Supply Chain (1:55)

    In the increasingly fast-paced world of software development, leveraging third-party code can be a powerful shortcut. But are you taking into account the added risks?

    Watch Video
  • Software Supply Chain Risk Management (1:54)

    Watch Video
  • Automated Binary Code Analysis for Software Forensics

    INTRODUCTION: In my last post, I talked about extending the term software forensics to include any investigation of software, whether to detect crime, or for example, investigate a...

    Read Article
  • Static Analysis, Railway Safety-Critical Software, and EN 50128-8

    Read the document
  • Allworx

    Read the document
  • Software Forensics: Beyond the Law

    INTRODUCTION: Traditionally, the term "forensics" is the use of science to discover evidence of criminal activity. Extending this to software broadens the use case to consider all of...

    Read Article
  • GrammaTech CodeSonar (1:29)

    CodeSonar® is a sophisticated static analysis tool for source code and binary code that detects bugs and security vulnerabilities that other static analysis tools miss.

    Watch Video
  • Reps at Sixty

    A look at the development of machine-code analysis and the difference between academic and commercial research. Recently, the Reps at Sixty workshop was held in Edinburgh, Scotland in honor of my...

    Read Article
  • Homeland Security Issues Guidance on IoT Security

    INTRODUCTION: The Department of Homeland Security (DHS) published its recent IoT security guidelines after many months of deliberation. The document codifies many of the...

    Read Article
  • VDC finds IoT fueling faster software development but with greater requirements for security protection

    INTRODUCTION: VDC’s recent report “Software Assembly Practices Necessitate More Precautions” highlights a significant software challenge for IoT device manufacturers. A majority of...

    Read Article
  • Finding Bugs is Only the Beginning

    I sometimes describe our main commercial product, CodeSonar, as a “defect detection tool.” While this is a convenient shorthand, it ignores a lot of what CodeSonar attempts to...

    Read Article
  • Tainted Data Analysis in CodeSonar (6:05)

    What is tainted data analysis? How can you leverage taint analysis to find anomalous or unstructured data that can be used by attackers to gain access or crash an application? The questions answered a

    Watch Video
  • What is Taint Checking?

    Taint checking? This isn't a trap, I promise. It sounds vulgar, but its etymology is perfectly reasonable, stemming from the notion...

    Read Article
  • Reducing Risk and Costs of DO-178B and DO-178C Certification with Static Analysis

    INTRODUCTION: DO-178C – “Software Considerations in Airborne Systems and Equipment Certification” – provides production guidelines for software that is to be used in airborne...

    Read Article
  • Accelerating Automotive Software Safety with MISRA and Static Analysis

    INTRODUCTION: The MISRA C/C++ coding guidelines were created based on concerns about the ability to safely use the C and C++ programming languages in critical automotive...

    Read Article
  • CodeSonar (1:28)

    Watch Video