This whitepaper reviews a number of the growing complexities that embedded software development teams are facing, including:
INTRODUCTION: Traditionally, the term "forensics" is the use of science to discover evidence of criminal activity. Extending this to software broadens the use case to consider all of...
INTRODUCTION: Multicore processors are ubiquitous in embedded devices but still pose a challenge for developing safety-critical and security-critical devices. True concurrency offered...
INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial of the shelf (COTS) and free and open...
1:32GrammaTech's VP of Engineering, Paul Anderson, describes CodeSonar's static analysis engine.
INTRODUCTION: As stated in my previous post, safety-critical software is expensive to develop and static analysis tools are highly recommended by both certification standards and...
INTRODUCTION: A key ingredient to a security-first design approach is an end-to-end threat assessment and analysis. Your device is part of a larger IoT infrastructure, so understanding...
A LOT of code has been written – enough for LOT to deserve caps. By DARPA's estimate, it is in the order of hundreds of billions of lines of open-source code, and I am probably safe in...
...
Can static analysis find the recent bash vulnerability? Yes, in principle, but it's a challenge. One promising approach is to look for Command Injection problems using taint analysis — flag places...
The minute I heard about Heartbleed — the bug in OpenSSL responsible for the worst security vulnerability in years — I downloaded the source code and ran CodeSonar to see if it would find the...
One of the frustrating aspects of software development is that, often, the robustness and security defects that show up in deployment aren’t in the really big, complex components that keep us...
