Industry Leaders Collaborate to Define SARIF Interoperability Standard for Detecting Software Defects and Vulnerabilities

October 13, 2017 GrammaTech News

Common data format for static analysis tools is being advanced by CA Technologies, Cryptsoft, FireEye, GrammaTech, Hewlett Packard Enterprise (HPE), Micro Focus, Microsoft, New Context, Phantom, RIPS, SWAMP, Synopsys, U.S. DHS, U.S. NIST, and others.

Members of the OASIS nonprofit consortium are working together to define an international interoperability standard for static analysis. The goal is to make it easier for software developers to assess the quality and security of their programs by aggregating data from multiple tools.

The new OASIS Static Analysis Results Interchange Format (SARIF) Technical Committee brings together major software companies, cybersecurity providers, government, security orchestration specialists, programmers, and consultants to agree on a data format that will be parseable by tools across the industry.

GrammaTech VP of Engineering, Paul Anderson, said, "SARIF fills an important gap in software engineering tools. It enables the integration of static-analysis tool results in a plug-and-play manner into a highly-automated software development ecosystem. It has the potential to lower the cost of static-analysis tool adoption, which will benefit both tool vendors and tool users alike."

For the full OASIS press release, click here.
