BLOG

  • Linux Foundation’s ELISA Project to Bring Linux to Safety Critical Systems

    Linux Foundation’s ELISA Project to Bring Linux to Safety Critical Systems

    The Linux Foundation’s announcement of the ELISA (Enabling Linux in Safety Applications) project was of interest to us because it requires a significant effort in evaluating open source...

    Read Article
  • Webinar Recording - What's New in CodeSonar 5.1?

    Webinar Recording - What's New in CodeSonar 5.1?

        Interested in upgrading to CodeSonar 5.1? In this webinar, Mark Hermeling, Senior Director of Product Marketing, will walk through all of the new features...

    Read Article
  • Static Analysis and UL 2900 Standard for Software Cybersecurity

    Static Analysis and UL 2900 Standard for Software Cybersecurity

    The UL 2900 is a software cybersecurity standard, specifically a Cybersecurity Assurance Program or CAP, released by Underwriter’s Laboratory (UL). Yes, this is the same company whose...

    Read Article
  • Using Static Analysis with Legacy Code

    Using Static Analysis with Legacy Code

    The adoption of any new tool into an existing software development process and established code base is always a challenge. Static analysis tools are no different but there are steps to...

    Read Article
  • FDA Updates Guidance for Managing Cybersecurity for Medical Devices

    FDA Updates Guidance for Managing Cybersecurity for Medical Devices

    In a previous post, I discussed the role of static analysis in managing cybersecurity for medical devices. It was in reaction to initial guidance published by the FDA in the document...

    Read Article
  • Open-source Tools for Binary Analysis and Rewriting

    Open-source Tools for Binary Analysis and Rewriting

    Unfortunately binary-only software is unavoidable; dependencies of active software projects, firmware and applications distributed without source access, or simply old software whose...

    Read Article
  • Memory Safety Issues Are Still the Leading Source of Security Vulnerabilities

    Memory Safety Issues Are Still the Leading Source of Security Vulnerabilities

    A recent headline was published in several technology news outlets, at ZDNet “Microsoft: 70 percent of all security bugs are memory safety issues” and Fudzilla, “More than 70 percent of...

    Read Article
  • The Industrial Internet Reference Architecture and Security Framework

    The Industrial Internet Reference Architecture and Security Framework

    The Industrial Internet Consortium (IIC) is a non-profit, industry group that is investigating and proposing the standards needed for a successful deployment of the Industrial Internet...

    Read Article
  • Static Analysis for Python in CodeSonar

    Static Analysis for Python in CodeSonar

    In a previous post we discussed the continuing popularity of C and C++ as a programming language, the surveys referenced there showed that Python is more popular each year and is now...

    Read Article
  • Embedded World 2019 Presentation: Static Analysis for Safety and Security

    Embedded World 2019 Presentation: Static Analysis for Safety and Security

     

    Read Article
  • Integrating Clang Static Analyzer with CodeSonar using SARIF

    Integrating Clang Static Analyzer with CodeSonar using SARIF

    We have discussed the benefits of using SARIF, an open standard for exchanging static analysis results, in a previous post. Integration between tools is simplified by using this open...

    Read Article
  • Using Static Analysis to Detect API Usage Anomalies

    Using Static Analysis to Detect API Usage Anomalies

    Read Article
  • New Release of CodeSonar Focuses on Safety Critical Systems and IoT

    New Release of CodeSonar Focuses on Safety Critical Systems and IoT

    We’re excited about the new release of CodeSonar, versions 5.1, that increases focus on safety critical systems and associated standards and supports multiple programming languages that...

    Read Article
  • Webinar with Arm & Wind River: Automotive Safety from the Ground Up: Hardware, OS and Static Analysis

    Webinar with Arm & Wind River: Automotive Safety from the Ground Up: Hardware, OS and Static Analysis

      There are many different types of software systems in a car, each with different requirements around safety and security. The software that performs...

    Read Article
  • Webinar with Arm & Wind River: Automotive Safety from the Ground Up: Hardware, OS and Static Analysis

    Webinar with Arm & Wind River: Automotive Safety from the Ground Up: Hardware, OS and Static Analysis

      There are many different types of software systems in a car, each with different requirements around safety and security. The software that performs...

    Read Article
  • CodeSonar in the SWAMP

    CodeSonar in the SWAMP

    INTRODUCTION: The Software Assurance Marketplace (SWAMP) is an open tool set designed to improve quality and security started by the Department of Homeland Security Science and...

    Read Article
  • The Role of Static Application Security Tools (SAST) in DevSecOps

    The Role of Static Application Security Tools (SAST) in DevSecOps

    The term DevSecOps is a contraction of DevOps, itself a contraction of Developer Operations, and Security. It’s the in-vogue buzzword for 2018 that, despite the hype, does have positive...

    Read Article
  • How Does the OWASP Top 10 Apply to C/C++ Development?

    How Does the OWASP Top 10 Apply to C/C++ Development?

    The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving web software security. Each year they publish a top ten list of the most critical web...

    Read Article
  • Using CodeSonar and SARIF with Microsoft Visual Studio Code

    Using CodeSonar and SARIF with Microsoft Visual Studio Code

    Here at GrammaTech, we get compliments on how well CodeSonar and the hub, specifically, handles warning display and the necessary information provided to track down the root cause. ...

    Read Article
  • What Does Application Security Mean for Embedded Devices?

    What Does Application Security Mean for Embedded Devices?

      The term application security is a popular one in the software community. When people refer to application security, they typically talk about enterprise applications, the...

    Read Article
  • loading
    Loading More...