BLOG

GrammaTech Releases CodeSonar Version 6.2 Focused on Enabling DevSecOps

Ready for DevSecOps GrammaTech’s CodeSonar static application security testing (SAST) solution already has great integrations with the tools our customers rely on to develop software...

Log4j 2 Vulnerability – Practical Advice and What’s Next for Software Supply Chain Security

If you are a cybersecurity or DevOps professional, you have probably had a very hectic 96 hours and probably many more to come. The critical Zero-Day vulnerability (CVE-2021-44228,...

Software supply chain exploits are exploding–How to proactively prevent threats

Your software supply chain is increasingly coming under attack - straining your existing cybersecurity measures to detect attacks. Can you exclusively rely on this reactive technology,...

GrammaTech IronBank Container for CodeSonar and Wind River VxWorks

The IronBank (also known as the DoD Centralized Artifacts Repository) is a collection of signed container images for both open source and commercial software (COTS). The IronBank...

Integrations are Key to Success in DevSecOps for Embedded Development

The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and...

GrammaTech Named a SINET16 Cybersecurity Innovator

Each year, SINET evaluates the technologies and products from all over the world with hundreds of cybersecurity companies being considered. Of these, 16 are chosen for being the most...

On Demand Discussion with Osterman Research: Exposing Software Supply Chain Security Blind Spots

The Future of the SBOM

Although it might seem premature to discuss the future of the software bill of materials (SBOM) before they have even gained full use and acceptance in the industry. However, the future...

What is an SBOM? A deep dive.

By now, you’ve probably heard the term software bill of materials (SBOM). It’s become the security buzzword of the year. Let’s look a little deeper into the what a SBOM is, what it...

Why NPATH is a Terrible Code Metric

I’m on a MISRA committee to specify a standard for code metrics (aka measures) for software quality. The committee was formed to fill a gap: there are no good comprehensive standards...

SAST and Unit Testing are a Perfect Match: CodeSonar and VectorCAST Integration

VectorCAST is an embedded software testing platform from Vector Informatik that supports the creation and management of test assets to help software developers validate software...

Automotive Software Safety and Security Still Needs Improvement

A recent blog post, “Automotive software defects”, from Phil Koopman, Carnegie Mellon professor and author of “Better Embedded Software”, talks about increasing number of software...

Software Supply Chain Security – The New Cybersecurity Executive Order Explained

  The New Cybersecurity Executive Order Explained.The recent Cybersecurity Executive Order puts a strong emphasis on improving software supply chain security. With vulnerabilities...

Securing Industrial Automation and Control Systems Starts in Software Development

Following the IEC 62443 standard for security software development ensures quality, safety and security

Software Bill of Materials Required by 2021 Cyber Security Executive Order

A new Presidential Executive Order was just signed highlighting the need to enhance the software supply chain as one of the measures for improving the nation’s cybersecurity. With too...

GrammaTech Releases CodeSonar 6.0 with Improved Analysis, Visualization, Reporting and Unified Java Analysis

Over the years we have seen our customers “shifting left” to take advantage of building in security versus testing for security later in the lifecycle. As advanced SAST tools such as...

Multi-language SAST and SCA for Android Platforms and Applications

Android is, for most people, a mobile operating system for their phone or tablet. In fact, it’s an extremely successful open source platform in general. It’s common in automobile...

GrammaTech Congratulates Long Time Customer, Jet Propulsion Laboratory, on their Successful Landing of Perseverance Rover

On Demand Webinar featuring Solid Sands | Safety and Security Critical Software: Start with the End in Mind

  Software development is hard work. Developing C or C++ software that has to be safe and secure is even more difficult. How do you ensure that your end-product behaves the way...