BLOG

Having an SBOM and software inventory aids in identifying 3rd-party vulnerabilities and risk 

GrammaTech CodeSonar 7.1, our static application security testing (SAST) solution, can be deployed in both on-premises and hybrid cloud models to seamlessly integrate into existing...

GrammaTech, and T.E.N., the founder of the Information Security Executive (ISE) of the Year Awards, have recently announced a new award category, the Product Security Executive (PSE) of...

This article was originally posted on Solution Review.

Recent high-profile cybersecurity incidents such as the SolarWinds attack and the Apache Log4j vulnerability have exposed the threats associated with the software supply chain. These can...

At a time when “software supply chain attack” has become a household phrase, the recent vulnerability discovered in the Apache Log4J has delivered a wake-up call to both developers and...

We need to know what’s in the software that is supporting our business.

The World Forum for Harmonization of Vehicle Regulations (WP.29) of the United Nations Economic Commission for Europe (UNECE) is a global regulatory forum within the UNECE Inland...

In light of recent high profile software supply chain security issues such as the SolarWinds attack and the Log4j open source vulnerability, we found it important to identify and explain...

As cars become more connected and complex, the amount of software needed is staggering. With 100 million lines of code being standard for current vehicles and up to 300 million for...

Modern static application security testing (SAST) tools are typically used for two main purposes: finding bugs, and finding violations of coding standards. The primary purpose of...

The MISRA C/C++ coding guidelines were created based on concerns about the ability to safely use the C and C++ programming languages in critical automotive systems. Since its inception...

The intent of the Motor Industry Software Reliability Association (MISRA) C coding standard was to define a subset of the C language that minimizes the possibilities of errors. Although...

The software security discipline is full of terminology and it’s important to state our particular definitions for these terms in the context of GrammaTech products and our approach to...

With the increasing reliance on software driving critical functionality in all types of products such as industrial controls, medical devices, automotive sensors, flight control systems...

Most organizations do everything they can to manage third-party risks associated with their vendors, agents, resellers and partners. However, a couple of supply chain components are...

The recent executive order will expand what companies must disclose to the government when a data breach occurs. Like the California Consumer Privacy Act (CCPA), these new rules will...

There are two important considerations when adding security to an existing DevOps pipeline. The first is security in code, which means, when code is developed, the security of the code...

URGENT/11 and other recent vulnerabilities such as AMNESIA:33 related to embedded TCP/IP stacks indicate a deficiency in vetting and auditing software supply chains. The blame doesn’t...