BLOG

  • Log4j Taught Us a Valuable Lesson

    We need to know what’s in the software that is supporting our business.

  • SAST and SCA Solutions Essential to Meeting UN Regulation No. 155 for Vehicle Cybersecurity

    The World Forum for Harmonization of Vehicle Regulations (WP.29) of the United Nations Economic Commission for Europe (UNECE) is a global regulatory forum within the UNECE Inland...

  • Software Supply Chain Security Terminology

    In light of recent high-profile software supply chain security issues such as the SolarWinds attack and the Log4j open source vulnerability, we found it important to identify and explain...

  • Role of SAST and SCA in ISO/SAE 21434 - Road Vehicles Cybersecurity Engineering

    As cars become more connected and complex, the amount of software needed is staggering. With 100 million lines of code being standard for current vehicles and up to 300 million for...

  • The Minefields of MISRA Coverage

    Modern static application security testing (SAST) tools are typically used for two main purposes: finding bugs, and finding violations of coding standards. The primary purpose of...

  • Accelerating Automotive Software Safety with MISRA C and SAST

    The MISRA C/C++ coding guidelines were created based on concerns about the ability to safely use the C and C++ programming languages in critical automotive systems. Since its inception...

  • Introducing MISRA C Coding Standard to an Existing Code Base

    The intent of the Motor Industry Software Reliability Association (MISRA) C coding standard was to define a subset of the C language that minimizes the possibilities of errors. Although...

  • Common Software and Application Security Terms Explained

    The software security discipline is full of terminology and it’s important to state our particular definitions for these terms in the context of GrammaTech products and our approach to...

  • Calculating the ROI of SAST in DevSecOps for Embedded Software

    With the increasing reliance on software driving critical functionality in all types of products such as industrial controls, medical devices, automotive sensors, flight control systems...

  • How To Address Digital Supply Chain Vulnerabilities

    Most organizations do everything they can to manage third-party risks associated with their vendors, agents, resellers and partners. However, a couple of supply chain components are...

  • Coming to Security Mandate Near You: SBOMs

    The recent executive order will expand what companies must disclose to the government when a data breach occurs. Like the California Consumer Privacy Act (CCPA), these new rules will...

  • A Practical Approach to Shifting Security Left

    There are two important considerations when adding security to an existing DevOps pipeline. The first is security in code, which means, when code is developed, the security of the code...

  • TCP/IP stacks vulnerabilities are a wake-up call for embedded software

    URGENT/11 and other recent vulnerabilities such as AMNESIA:33 related to embedded TCP/IP stacks indicate a deficiency in vetting and auditing software supply chains. The blame doesn’t...

  • As drone adoption soars, expect greater regulation of embedded code

    Software safety and security will become more closely scrutinized as the commercial drone industry grows.

  • GrammaTech Releases CodeSonar Version 6.2 Focused on Enabling DevSecOps

    Ready for DevSecOps: GrammaTech’s CodeSonar static application security testing (SAST) solution already has great integrations with the tools our customers rely on to develop software...

  • Log4j 2 Vulnerability – Practical Advice and What’s Next for Software Supply Chain Security

    If you are a cybersecurity or DevOps professional, you have probably had a very hectic 96 hours and probably many more to come. The critical Zero-Day vulnerability (CVE-2021-44228,...

  • Software supply chain exploits are exploding–How to proactively prevent threats

    Your software supply chain is increasingly coming under attack - straining your existing cybersecurity measures to detect attacks. Can you exclusively rely on this reactive technology,...

  • GrammaTech IronBank Container for CodeSonar and Wind River VxWorks

    The IronBank (also known as the DoD Centralized Artifacts Repository) is a collection of signed container images for both open source and commercial software (COTS). The IronBank...

  • Integrations are Key to Success in DevSecOps for Embedded Development

    The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and...

  • GrammaTech Named a SINET16 Cybersecurity Innovator

    Each year, SINET evaluates the technologies and products from all over the world with hundreds of cybersecurity companies being considered. Of these, 16 are chosen for being the most...
