Latest Content
The global increase in connectivity and reliance on software is opening doors to exploits daily. Software quality and security is more important now than ever before.
-
Read ArticleSurprising Uses of Static Analysis: Performance Optimization
Static analysis is typically used to find errors in software, often serious bugs, such as buffer overruns that lead to quality or security issues. GrammaTech CodeSonar is an advanced...
-
Read ArticleDetecting the Beep Vulnerability with CodeSonar
The linux beep utility is a small utility command to literally send a tone to the user’s speaker. A subtle error in the utility gives arise to a local privilege escalation that was...
-
Read ArticleOn-Demand Webinar: Extending Static Analysis to Include Third Party Libraries
Twenty-five percent of embedded projects use content from commercial third parties. This content is often delivered in binary, not in source....
-
Read ArticleAutomatic Detection of Proprietary Coding Rule Violations
Guest Blog by Rob Daulton, Consultant at Valbrio
-
Read ArticleThe Anatomy of a Segmentation Fault – A real life example
I was browsing StackOverflow.com and came across a user running into a segmentation fault in their programming assignment. This problem looked like an ideal case for static analysis....
-
Read ArticleUsing Dynamic Metrics with Static Analysis
GrammaTech CodeSonar is primarily a static analysis tool, but there are some circumstances where it is useful to present dynamic information alongside static results. For example,...
-
Read ArticleNew Features of C++: Small but Useful Features
C++11 added multiple smaller language features as well as the marquee features we've already talked about. Despite these being smaller language features, they're still powerful...
-
Read ArticleEmbedded World 2018 Presentation: Static Analysis ++
vfff Mark Hermeling details how we can make static analysis better using examples from GrammaTech's advanced static analysis tool, CodeSonar.
-
Read ArticleNew Features of C++: Automatic Type Inference
Automatic type inference (or type deduction) is where you allow the compiler to infer the type information used for a declaration by obtaining it from some related...
-
Read ArticleGrammaTech Extends the Reach of Static Analysis
...
-
Read ArticleImproving Static Analysis Around Binary Libraries
INTRODUCTION: Many software projects rely on third party code, system libraries and re-used binary code from other projects. Advanced static analysis tools reason about the program...
-
Read ArticleNew Features of C++: Move Semantics
Move semantics are another game-changer introduced in C++11. One large complaint about writing C++ code was that copy construction and copy assignment can cause performance issues...
-
Read ArticleGetting a GRASP on Security and Privacy of Mobile Apps
INTRODUCTION: The recent controversy surrounding the Strava fitness app has illustrated a critical security problem. Ultimately the use of a fitness app that transmits location data...
-
Read the documentDISA-STIG | CodeSonar 4.5p2
-
Read the documentGrammaTech CEW Java | CodeSonar 4.5p2
-
Read the documentGrammaTech CWE C++ | CodeSonar 4.5p2
-
Read the documentGrammaTech CERT Java | CodeSonar 4.5p2
-
Read the documentGrammaTech CERT C++ | CodeSonar 4.5p2
-
Read the documentGrammaTech CERT C CodeSonar 4.5p2
-
Read ArticleNew Features of C++: Lambdas
Code written for modern C++ (C++11 and later) is often structured differently than code written for C++03 and earlier – STL algorithms are now more powerful and easier to use, more...
-
Loading More...
