Bill Graham

  • Static Analysis and UL 2900 Standard for Software Cybersecurity

    The UL 2900 is a software cybersecurity standard, specifically a Cybersecurity Assurance Program or CAP, released by Underwriter’s Laboratory (UL). Yes, this is the same company whose...

  • Using Static Analysis with Legacy Code

    The adoption of any new tool into an existing software development process and established code base is always a challenge. Static analysis tools are no different but there are steps to...

  • FDA Updates Guidance for Managing Cybersecurity for Medical Devices

    In a previous post, I discussed the role of static analysis in managing cybersecurity for medical devices. It was in reaction to initial guidance published by the FDA in the document...

  • Memory Safety Issues Are Still the Leading Source of Security Vulnerabilities

    A recent headline was published in several technology news outlets, at ZDNet “Microsoft: 70 percent of all security bugs are memory safety issues” and Fudzilla, “More than 70 percent of...

  • Integrating Clang Static Analyzer with CodeSonar using SARIF

    We have discussed the benefits of using SARIF, an open standard for exchanging static analysis results, in a previous post. Integration between tools is simplified by using this open...

  • Using Static Analysis to Detect API Usage Anomalies

  • CodeSonar in the SWAMP

    INTRODUCTION: The Software Assurance Marketplace (SWAMP) is an open tool set designed to improve quality and security started by the Department of Homeland Security Science and...

  • The Role of Static Application Security Tools (SAST) in DevSecOps

    The term DevSecOps is a contraction of DevOps, itself a contraction of Developer Operations, and Security. It’s the in-vogue buzzword for 2018 that, despite the hype, does have positive...

  • How Does the OWASP Top 10 Apply to C/C++ Development?

    The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving web software security. Each year they publish a top ten list of the most critical web...

  • What Does Application Security Mean for Embedded Devices?

    The term application security is a popular one in the software community. When people refer to application security, they typically talk about enterprise applications, the...

  • Large Scale Weapon Systems Cybersecurity Threat is a Concern and Opportunity

    The Government Accounting Office (GAO) was asked to review the state of the Department of Defense (DOD) weapons systems’ cybersecurity. Unfortunately, their findings were not...

  • The Best of Both Worlds: Aggregating Static Analysis Results from Best of Breed Tools

    Many companies are using a mix of languages and are developing different types of software from low-level drivers and firmware, to middleware and applications with elegant user...

  • Quality and Security Assurance with CodeSonar for Crank Software’s Mission Critical Multi-Platform Storyboard Suite

    Crank Software's products and services enable R&D teams and user interface (UI) designers to quickly and collaboratively develop rich, animated UIs for resource-constrained embedded...

  • C and C++ Use Continues to Grow: Emphasizes the Need for Tools to Assure Quality and Security

    A recent survey by IEEE Spectrum showed some interesting results. Python continues to lead in popularity and assembly language(!) entered the top ten for the first time. Of note is the...

  • Technical Debt is Stifling Innovation; but, There is Hope

    Apple’s announcement at their recent Worldwide Developers’ Conference stated they were going to reduce the feature count in future versions of iOS and concentrate on...

  • Cybersecurity Alerts for Medical Devices are on the Rise – A Cause for Concern, but what can be done?

    The Department of Homeland Security (ICS-CERT) recently issued more warnings about cybersecurity vulnerabilities, which have become all too common in recent months. In most cases, these...

  • Tool Chain Qualification in Safety Critical Systems

    Safety critical software usually entails some kind of certification, qualification or approval from a standards body in order to be productized and used by the public. The requirements...
