Latest Content

The global increase in connectivity and reliance on software is opening doors to exploits daily. Software quality and security is more important now than ever before.

GrammaTech on List of Top Ten Homeland Security Solution Providers

...

Read Article
The Role of Static Analysis in Assessing Trustworthiness of IIoT Software

In a previous post I introduced the Industrial Internet Consortium (IIC), the reference architecture and the concepts of trustworthiness used in their security framework. Since that...

Read Article
How Sound Static Analysis Complements Heuristic Analysis

Not all static analysis tools work the same, there are in fact a spectrum of tools that use a variety of techniques ranging from relatively simple syntactic analysis through very...

Read Article
How Sound Static Analysis Complements Heuristic Analysis

Not all static analysis tools work the same, there are in fact a spectrum of tools that use a variety of techniques ranging from relatively simple syntactic analysis through very...

Read Article
4:21

Life at GrammaTech

Interested in applying to GrammaTech? Here we take an inside look at our corporate culture, discuss benefits, tour the office, and offer an introduction to all things GrammaTech - take a look!

Watch Video
Tainted Data and Format String Attack Strike Again

A recent code execution vulnerability (we also call this a code injection vulnerably) was discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes...

Read Article
The Role of Static Analysis in the SAE J3061 Cybersecurity Process Framework

The Society of Automotive Engineers (SAE) J3061 cybersecurity process framework was created to address a large disconnect between advances in automotive software and the increasing...

Read Article
GrammaTech Joins the MISRA Committee

...

Read Article
Shift Left Quality and Security with Automated Unit Testing, Dynamic and Static Analysis

Our partner, Vector Software, recently announced the official release of the VectorCAST and GrammaTech CodeSonar integration. This prompted this post to discuss the role of static and...

Read Article
What is Static Application Security Testing (SAST)?

We often get the question from developers and engineering managers: “What is SAST?” often followed by “Ok, what do SAST tools do exactly for security?” Many people know the acronym as...

Read Article
Merging of the MISRA C++ and AUTOSAR C++ Guidelines is Good News for Safety Critical Software Development

The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in...

Read Article
Linux Foundation’s ELISA Project to Bring Linux to Safety Critical Systems

The Linux Foundation’s announcement of the ELISA (Enabling Linux in Safety Applications) project was of interest to us because it requires a significant effort in evaluating open source...

Read Article
Webinar Recording - What's New in CodeSonar 5.1?

Interested in upgrading to CodeSonar 5.1? In this webinar, Mark Hermeling, Senior Director of Product Marketing, will walk through all of the new features...

Read Article
Easing the Adoption of Static Analysis into Existing Projects

Read the document
DevSecOps - Integrating Static Application Security Tools (SAST) in DevSecOps

Read the document
Static Analysis and UL 2900 Standard for Software Cybersecurity

The UL 2900 is a software cybersecurity standard, specifically a Cybersecurity Assurance Program or CAP, released by Underwriter’s Laboratory (UL). Yes, this is the same company whose...

Read Article
Using Static Analysis with Legacy Code

The adoption of any new tool into an existing software development process and established code base is always a challenge. Static analysis tools are no different but there are steps to...

Read Article
FDA Updates Guidance for Managing Cybersecurity for Medical Devices

In a previous post, I discussed the role of static analysis in managing cybersecurity for medical devices. It was in reaction to initial guidance published by the FDA in the document...

Read Article
GrammaTech Releasing Binary Analysis and Rewriting Interface into Open Source

...

Read Article
Open-source Tools for Binary Analysis and Rewriting

Unfortunately binary-only software is unavoidable; dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose...

Read Article
Loading More...

Latest Content

GrammaTech on List of Top Ten Homeland Security Solution Providers

...

The Role of Static Analysis in Assessing Trustworthiness of IIoT Software

In a previous post I introduced the Industrial Internet Consortium (IIC), the reference architecture and the concepts of trustworthiness used in their security framework. Since that...

How Sound Static Analysis Complements Heuristic Analysis

Not all static analysis tools work the same, there are in fact a spectrum of tools that use a variety of techniques ranging from relatively simple syntactic analysis through very...

How Sound Static Analysis Complements Heuristic Analysis

Not all static analysis tools work the same, there are in fact a spectrum of tools that use a variety of techniques ranging from relatively simple syntactic analysis through very...

Life at GrammaTech

Interested in applying to GrammaTech? Here we take an inside look at our corporate culture, discuss benefits, tour the office, and offer an introduction to all things GrammaTech - take a look!

Tainted Data and Format String Attack Strike Again

A recent code execution vulnerability (we also call this a code injection vulnerably) was discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes...

The Role of Static Analysis in the SAE J3061 Cybersecurity Process Framework

The Society of Automotive Engineers (SAE) J3061 cybersecurity process framework was created to address a large disconnect between advances in automotive software and the increasing...

GrammaTech Joins the MISRA Committee

...

Shift Left Quality and Security with Automated Unit Testing, Dynamic and Static Analysis

Our partner, Vector Software, recently announced the official release of the VectorCAST and GrammaTech CodeSonar integration. This prompted this post to discuss the role of static and...

What is Static Application Security Testing (SAST)?

We often get the question from developers and engineering managers: “What is SAST?” often followed by “Ok, what do SAST tools do exactly for security?” Many people know the acronym as...

Merging of the MISRA C++ and AUTOSAR C++ Guidelines is Good News for Safety Critical Software Development

The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in...

Linux Foundation’s ELISA Project to Bring Linux to Safety Critical Systems

The Linux Foundation’s announcement of the ELISA (Enabling Linux in Safety Applications) project was of interest to us because it requires a significant effort in evaluating open source...

Webinar Recording - What's New in CodeSonar 5.1?

Interested in upgrading to CodeSonar 5.1? In this webinar, Mark Hermeling, Senior Director of Product Marketing, will walk through all of the new features...

Easing the Adoption of Static Analysis into Existing Projects

DevSecOps - Integrating Static Application Security Tools (SAST) in DevSecOps

Static Analysis and UL 2900 Standard for Software Cybersecurity

The UL 2900 is a software cybersecurity standard, specifically a Cybersecurity Assurance Program or CAP, released by Underwriter’s Laboratory (UL). Yes, this is the same company whose...

Using Static Analysis with Legacy Code

The adoption of any new tool into an existing software development process and established code base is always a challenge. Static analysis tools are no different but there are steps to...

FDA Updates Guidance for Managing Cybersecurity for Medical Devices

In a previous post, I discussed the role of static analysis in managing cybersecurity for medical devices. It was in reaction to initial guidance published by the FDA in the document...

GrammaTech Releasing Binary Analysis and Rewriting Interface into Open Source

...

Open-source Tools for Binary Analysis and Rewriting

Unfortunately binary-only software is unavoidable; dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose...