How to Get the Most Value from Static Analysis

Identify serious defects and security vulnerabilities that can result in system crashes, unexpected behavior, and security breaches.

  • Prevent Cybercrime and Insider Attacks in Your Company with Static Analysis

    Read the document
  • Eliminating the Danger of Uninitialized Variables

    INTRODUCTION: An uninitialized variable has an undefined value, often corresponding to the data that was already in the particular memory location that the variable is using. This can...

    Read Article
  • Thwarting Insider Attacks with Advanced Static Analysis

    INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...

    Read Article
  • Why Everyone's Talking about Agile Development (And You Should Be Too)

    INTRODUCTION: Agile, Scrum and DevOps are hot topics in software development but are teams really achieving the goals of these new approaches? Management isn’t convinced, a recent...

    Read Article
  • The Role of Static Analysis in ISA/IEC 62443 Secure Product Development Lifecycle

    INTRODUCTION: The ISA/IEC 62443 standard (formerly ISA 99) is a set of process standards for secure development of products in industrial automation and control. A list of popular...

    Read Article
  • New Features of C++17

    Since C++11, WG21 (the ISO designation for the C++ Standards Committee) has been focusing on shipping a new standard every three years. The standard is comprised of two primary parts:...

    Read Article
  • GrammaTech CodeSonar for Binary Code

    Beyond Static Source Analysis

    Read Article
  • Build Monitoring and Windows 10 Driver Signing

    INTRODUCTION:

    Read Article
  • Using CodeSonar for Software Supply Chain Risk Management

    The software supply chain is a growing concern in software development. Security, in particular, of third party software is a risk that needs to be evaluated and managed. Binary code...

    Read Article
  • Domain Specific and Custom Error Checking in Advanced Static Analysis Tools

    INTRODUCTION: Static analysis tools ship with a default set of error checkers that cover the most common and important types of errors. However, projects often benefit from specific...

    Read Article
  • Software Supply Chain: Risk and Reward

    INTRODUCTION: The recent interest in the so-called “software supply chain” highlights the growing importance of using and reusing existing software. Companies realize they need to buy...

    Read Article
  • Advanced Static Analysis for C/C++

    Read the document
  • Enhancing Code Reviews with Static Analysis

    INTRODUCTION: Code reviews (or inspections) are an effective way to reduce defects in software projects. In fact, defect removal rate can be as high as 75%, meaning two thirds of all...

    Read Article
  • The Economics of Static Analysis Tool Usage

    INTRODUCTION: The most effective tool is one that reports a good number of true positives, without too many false negatives, without consuming too much compute...

    Read Article
  • Human Factors in Evaluating Static Analysis Tools

    INTRODUCTION: Advanced static analysis tools are popular because they have proven effective at finding serious programming defects. In contrast to traditional dynamic testing, the...

    Read Article
  • Finding Bugs is Only the Beginning

    I sometimes describe our main commercial product, CodeSonar, as a “defect detection tool.” While this is a convenient shorthand, it ignores a lot of what CodeSonar attempts to...

    Read Article
  • Tainted Data Analysis in CodeSonar (6:05)

    What is tainted data analysis? How can you leverage taint analysis to find anomalous or unstructured data that can be used by attackers to gain access or crash an application? The questions answered a

    Watch Video
  • What is Taint Checking?

    Taint checking? This isn't a trap, I promise. It sounds vulgar, but its etymology is perfectly reasonable, stemming from the notion that data that has been "tainted" by a...

    Read Article
  • The Advantages of Hybrid Source and Binary Static Analysis

    INTRODUCTION: GrammaTech brought unique binary code analysis to the market in 2013. Before then, the only option for binary analysis was to ship your code to specialists who would...

    Read Article