BLOG

Tainted Data and Format String Attack Strike Again

A recent code execution vulnerability (we also call this a code injection vulnerably) was discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes...

The Role of Static Analysis in the SAE J3061 Cybersecurity Process Framework

The Society of Automotive Engineers (SAE) J3061 cybersecurity process framework was created to address a large disconnect between advances in automotive software and the increasing...

Shift Left Quality and Security with Automated Unit Testing, Dynamic and Static Analysis

Our partner, Vector Software, recently announced the official release of the VectorCAST and GrammaTech CodeSonar integration. This prompted this post to discuss the role of static and...

What is Static Application Security Testing (SAST)?

We often get the question from developers and engineering managers: “What is SAST?” often followed by “Ok, what do SAST tools do exactly for security?” Many people know the acronym as...

Merging of the MISRA C++ and AUTOSAR C++ Guidelines is Good News for Safety Critical Software Development

The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in...

Linux Foundation’s ELISA Project to Bring Linux to Safety Critical Systems

The Linux Foundation’s announcement of the ELISA (Enabling Linux in Safety Applications) project was of interest to us because it requires a significant effort in evaluating open source...

Webinar Recording - What's New in CodeSonar 5.1?

    Interested in upgrading to CodeSonar 5.1? In this webinar, Mark Hermeling, Senior Director of Product Marketing, will walk through all of the new features...

Static Analysis and UL 2900 Standard for Software Cybersecurity

The UL 2900 is a software cybersecurity standard, specifically a Cybersecurity Assurance Program or CAP, released by Underwriter’s Laboratory (UL). Yes, this is the same company whose...

Using Static Analysis with Legacy Code

The adoption of any new tool into an existing software development process and established code base is always a challenge. Static analysis tools are no different but there are steps to...

FDA Updates Guidance for Managing Cybersecurity for Medical Devices

In a previous post, I discussed the role of static analysis in managing cybersecurity for medical devices. It was in reaction to initial guidance published by the FDA in the document...

Open-source Tools for Binary Analysis and Rewriting

Unfortunately binary-only software is unavoidable; dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose...

Memory Safety Issues Are Still the Leading Source of Security Vulnerabilities

A recent headline was published in several technology news outlets, at ZDNet “Microsoft: 70 percent of all security bugs are memory safety issues” and Fudzilla, “More than 70 percent of...

The Industrial Internet Reference Architecture and Security Framework

The Industrial Internet Consortium (IIC) is a non-profit, industry group that is investigating and proposing the standards needed for a successful deployment of the Industrial Internet...

Static Analysis for Python in CodeSonar

In a previous post we discussed the continuing popularity of C and C++ as a programming language, the surveys referenced there showed that Python is more popular each year and is now...

Embedded World 2019 Presentation: Static Analysis for Safety and Security

Integrating Clang Static Analyzer with CodeSonar using SARIF

We have discussed the benefits of using SARIF, an open standard for exchanging static analysis results, in a previous post. Integration between tools is simplified by using this open...

Using Static Analysis to Detect API Usage Anomalies

New Release of CodeSonar Focuses on Safety Critical Systems and IoT

We’re excited about the new release of CodeSonar, versions 5.1, that increases focus on safety critical systems and associated standards and supports multiple programming languages that...

Webinar with Arm & Wind River: Automotive Safety from the Ground Up: Hardware, OS and Static Analysis

  There are many different types of software systems in a car, each with different requirements around safety and security. The software that performs...