How To Improve Software Quality and Robustness

Software Forensics: Beyond the Law

INTRODUCTION: Traditionally, the term "forensics" is the use of science to discover evidence of criminal activity. Extending this to software broadens the use case to consider all of...

Read Article

How Static Analysis Improves Safety and Security for Multicore Platforms

INTRODUCTION: Multicore processors are ubiquitous in embedded devices but still pose a challenge for developing safety-critical and security-critical devices. True concurrency offered...

Read Article

Improving Quality and Security with Binary Analysis

INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial of the shelf (COTS) and free and open...

Read Article

Making Safety-Critical Software Development Affordable with Static Analysis

Read the document

1:32

How Does CodeSonar Find More Bugs?

GrammaTech's VP of Engineering, Paul Anderson, describes CodeSonar's static analysis engine.

Watch Video

Detecting Domain-Specific Coding Errors with Static Analysis

Read the document

The ROI of Static Analysis in Safety-Critical Software Development

INTRODUCTION: As stated in my previous post, safety-critical software is expensive to develop and static analysis tools are highly recommended by both certification standards and...

Read Article

Step Two: Security Assurance for IoT Devices - Threat Assessment and Analysis

INTRODUCTION: A key ingredient to a security-first design approach is an end-to-end threat assessment and analysis. Your device is part of a larger IoT infrastructure, so understanding...

Read Article

History Repeats Itself... So Does Your Software

A LOT of code has been written – enough for LOT to deserve caps. By DARPA's estimate, it is in the order of hundreds of billions of lines of open-source code, and I am probably safe in...

Read Article

New VDC Research Finds 40% of Embedded Developers Report Projects are Behind Schedule

...

Read Article

Static Analysis and the Bash Bug

Can static analysis find the recent bash vulnerability? Yes, in principle, but it's a challenge. One promising approach is to look for Command Injection problems using taint analysis — flag places...

Read Article

Finding Heartbleed with CodeSonar

The minute I heard about Heartbleed — the bug in OpenSSL responsible for the worst security vulnerability in years — I downloaded the source code and ran CodeSonar to see if it would find the...

Read Article

Sweating the Small Stuff

One of the frustrating aspects of software development is that, often, the robustness and security defects that show up in deployment aren’t in the really big, complex components that keep us...

Read Article

Loading More...

How To Improve Software Quality and Robustness

Software Forensics: Beyond the Law

INTRODUCTION: Traditionally, the term "forensics" is the use of science to discover evidence of criminal activity. Extending this to software broadens the use case to consider all of...

Measuring the Value of Static Analysis Tool Deployments

Embedded Software Design: Best Practices for Static Analysis Tools

Finding Concurrency Errors with GrammaTech Static Analysis

How Static Analysis Improves Safety and Security for Multicore Platforms

INTRODUCTION: Multicore processors are ubiquitous in embedded devices but still pose a challenge for developing safety-critical and security-critical devices. True concurrency offered...

Improving Quality and Security with Binary Analysis

INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial of the shelf (COTS) and free and open...

Making Safety-Critical Software Development Affordable with Static Analysis

How Does CodeSonar Find More Bugs?

GrammaTech's VP of Engineering, Paul Anderson, describes CodeSonar's static analysis engine.

Detecting Domain-Specific Coding Errors with Static Analysis

The ROI of Static Analysis in Safety-Critical Software Development

INTRODUCTION: As stated in my previous post, safety-critical software is expensive to develop and static analysis tools are highly recommended by both certification standards and...

Step Two: Security Assurance for IoT Devices - Threat Assessment and Analysis

INTRODUCTION: A key ingredient to a security-first design approach is an end-to-end threat assessment and analysis. Your device is part of a larger IoT infrastructure, so understanding...

History Repeats Itself... So Does Your Software

A LOT of code has been written – enough for LOT to deserve caps. By DARPA's estimate, it is in the order of hundreds of billions of lines of open-source code, and I am probably safe in...

New VDC Research Finds 40% of Embedded Developers Report Projects are Behind Schedule

...

Static Analysis and the Bash Bug

Can static analysis find the recent bash vulnerability? Yes, in principle, but it's a challenge. One promising approach is to look for Command Injection problems using taint analysis — flag places...

Finding Heartbleed with CodeSonar

The minute I heard about Heartbleed — the bug in OpenSSL responsible for the worst security vulnerability in years — I downloaded the source code and ran CodeSonar to see if it would find the...

Sweating the Small Stuff

One of the frustrating aspects of software development is that, often, the robustness and security defects that show up in deployment aren’t in the really big, complex components that keep us...