How To Improve Software Quality and Robustness

  • Software Forensics: Beyond the Law

    INTRODUCTION: Traditionally, the term "forensics" refers to the use of science to discover evidence of criminal activity. Extending this to software broadens the use case to consider all of...

  • Conquering Complex Java Concurrency Bugs with CodeSonar

    This whitepaper describes the most detrimental concurrency bugs, along with how to identify and eliminate these bugs using CodeSonar.

  • Measuring the Value of Static Analysis Tool Deployments

  • Embedded Software Design: Best Practices for Static Analysis Tools

  • Finding Concurrency Errors with GrammaTech Static Analysis

  • Narrow-Solution Static Analysis Tools vs. CodeSonar (video, 4:40)

    Static analysis tools range widely in scope. Narrower tools, including commercial tools like PC-lint and open-source tools like CPPcheck, can be used to find basic bugs in code, but they become apples

  • How CodeSonar Compares to PC-Lint (and other similar tools)

  • How Static Analysis Improves Safety and Security for Multicore Platforms

    INTRODUCTION: Multicore processors are ubiquitous in embedded devices but still pose a challenge for developing safety-critical and security-critical devices. True concurrency offered by...

  • Improving Quality and Security with Binary Analysis

    INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial off-the-shelf (COTS) and free and open...

  • Making Safety-Critical Software Development Affordable with Static Analysis

  • How Does CodeSonar Find More Bugs? (video, 1:32)

    GrammaTech's VP of Engineering, Paul Anderson, describes CodeSonar's static analysis engine.

  • Detecting Domain-Specific Coding Errors with Static Analysis

  • The ROI of Static Analysis in Safety-Critical Software Development

    INTRODUCTION: As stated in my previous post, safety-critical software is expensive to develop and static analysis tools are highly recommended by both certification standards and practitioners in...

  • Step Two: Security Assurance for IoT Devices - Threat Assessment and Analysis

    INTRODUCTION: A key ingredient to a security-first design approach is an end-to-end threat assessment and analysis. Your device is part of a larger IoT infrastructure, so understanding the...

  • History Repeats Itself... So Does Your Software

    A LOT of code has been written – enough for LOT to deserve caps. By DARPA's estimate, it is in the order of hundreds of billions of lines of open-source code, and I am probably safe in...

  • New VDC Research Finds 40% of Embedded Developers Report Projects are Behind Schedule

    ...

  • Static Analysis and the Bash Bug  

    Can static analysis find the recent bash vulnerability? Yes, in principle, but it's a challenge. One promising approach is to look for Command Injection problems using taint analysis — flag places...

  • Finding Heartbleed with CodeSonar

    The minute I heard about Heartbleed — the bug in OpenSSL responsible for the worst security vulnerability in years — I downloaded the source code and ran CodeSonar to see if it would find the...

  • Sweating the Small Stuff 

    One of the frustrating aspects of software development is that, often, the robustness and security defects that show up in deployment aren’t in the really big, complex components that keep us...
