BLOG

  • Bug-Injector Research Receives IEEE SCAM 2019 Distinguished Paper

    During the International Working Conference on Source Code Analysis & Manipulation (SCAM), a GrammaTech research publication was awarded the Institute of Electrical and Electronics...

    Read Article
  • C was Programming Language of the Year 2019

    About a year and a half ago, I was discussing the relative popularity of C and C++ in the face of relative newcomers Python, Java and C#. Surprisingly, the TIOBE index for 2019 shows...

    Read Article
  • What’s New in CodeSonar 5.2?

    GrammaTech’s recent release of CodeSonar, version 5.2, increases coverage of industry coding standards, improves compiler support, adds further support for open standards and support for...

    Read Article
  • An Update from the C Standards Committee WG14

    At the end of October 2019, GrammaTech was pleased to host WG14 (the C Standards Committee) in Ithaca, NY. The C committee comprises experts from industry and academia from all...

    Read Article
  • Case Study: LACROIX Sofrel Partners with GrammaTech to Secure Water Networks

    Read Article
  • Using CodeSonar with FreeRTOS: An Example

    The Crazyflie is a programmable drone sold by Bitcraze that was designed to be “hacked” and runs open source software for its control and operating system. In particular, this drone...

    Read Article
  • Copy and Paste Errors Afflict FFmpeg

    Copy and paste errors are bugs introduced when code is reused locally through simple editor copy and paste commands and the copy is not fully adapted to its new context. As we discussed in a previous post, it’s probably the most common form...

    Read Article
  • CodeSonar Binary Code Analysis for Power Architecture

    Read Article
  • Webinar Recording - Why Realizing Safe, Secure Software Requires Building on Strong Foundations

    The challenge of designing safe and secure software systems has never been greater. The emergence of increasingly complex cyber-physical systems, such as...

    Read Article
  • Static Analysis in Automotive SPICE

    Automotive SPICE (Software Process Improvement and Capability Determination) is a software development process standard that outlines a maturity model for software development,...

    Read Article
  • Using CodeSonar to Evaluate Software for the 2019 CWE Top 25 Most Dangerous Software Errors

    The Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors, a.k.a. the CWE Top 25, is a list of the most common weaknesses that lead to security vulnerabilities. It is...

    Read Article
  • Introducing MISRA C Coding Standard to an Existing Code Base

    The intent of the Motor Industry Software Reliability Association (MISRA) C coding standard was to define a subset of the C language that minimizes the possibilities of errors. Although...

    Read Article
  • The Role of Static Analysis in Assessing Trustworthiness of IIoT Software

    In a previous post I introduced the Industrial Internet Consortium (IIC), the reference architecture and the concepts of trustworthiness used in their security framework. Since that...

    Read Article
  • How Sound Static Analysis Complements Heuristic Analysis

    Not all static analysis tools work the same way; there is in fact a spectrum of tools that use a variety of techniques, ranging from relatively simple syntactic analysis through very...

    Read Article
  • Tainted Data and Format String Attack Strike Again

    A recent code execution vulnerability (we also call this a code injection vulnerability) was discovered in Palo Alto Networks’ GlobalProtect SSL VPN, a product that handles SSL handshakes...

    Read Article
  • The Role of Static Analysis in the SAE J3061 Cybersecurity Process Framework

    The Society of Automotive Engineers (SAE) J3061 cybersecurity process framework was created to address a large disconnect between advances in automotive software and the increasing...

    Read Article
  • Shift Left Quality and Security with Automated Unit Testing, Dynamic and Static Analysis

    Our partner, Vector Software, recently announced the official release of the VectorCAST and GrammaTech CodeSonar integration. This prompted the present post on the role of static and...

    Read Article
  • What is Static Application Security Testing (SAST)?

    We often get the question from developers and engineering managers: “What is SAST?”, often followed by “OK, what do SAST tools do exactly for security?” Many people know the acronym as...

    Read Article
  • Merging of the MISRA C++ and AUTOSAR C++ Guidelines is Good News for Safety Critical Software Development

    The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in...

    Read Article
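As an added illustration for the “Tainted Data and Format String Attack Strike Again” entry above (this is editor-supplied example code, not code from that article, from GrammaTech, or from the product named there), the following C shows the bug class in miniature: attacker-controlled data passed to a printf-family call as the format string, beside the hardened form that keeps the format a constant. The function names and the “tainted” input strings are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* The compiler rightly warns about a non-literal format string; the warning
 * is silenced only so the vulnerable pattern can be shown compiling. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* VULNERABLE (hypothetical helper): the tainted string becomes the format
 * string, so every '%' directive in it is interpreted. With "%x" it reads
 * stack words back to the attacker, and with "%n" it writes memory, which is
 * what turns a logging bug into code execution. Only "%%" is used in the demo
 * input below so that the program stays deterministic. */
int log_line_vulnerable(char *out, size_t out_len, const char *tainted)
{
    return snprintf(out, out_len, tainted);        /* format is attacker data */
}

/* HARDENED (hypothetical helper): the format string is a constant and the
 * tainted data is only ever an argument, so its '%' characters are copied
 * verbatim and never interpreted. */
int log_line_hardened(char *out, size_t out_len, const char *tainted)
{
    return snprintf(out, out_len, "%s", tainted);
}

/* Cheap taint-source check: does the untrusted input carry any character that
 * the vulnerable path would interpret as a directive? Returns 1 if so. This is
 * a detection aid, not a substitute for the hardened call above. */
int contains_format_directive(const char *tainted)
{
    return strchr(tainted, '%') != NULL;
}

int main(void)
{
    char buf[64];
    const char *tainted = "progress 100%% done";   /* constructed attacker input */

    log_line_vulnerable(buf, sizeof buf, tainted);
    printf("vulnerable: %s\n", buf);   /* "progress 100% done": %% was interpreted */

    log_line_hardened(buf, sizeof buf, tainted);
    printf("hardened:   %s\n", buf);   /* "progress 100%% done": copied verbatim */

    printf("input carries a directive: %d\n", contains_format_directive(tainted));
    return 0;
}
```

Build with `-Wformat -Wformat-security` (and ideally `-Werror=format-security`) to have the compiler flag the vulnerable call; a static analyzer that tracks taint from the network read to the `snprintf` argument reports the same defect even when the format string reaches the call through several function boundaries.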