How To Mitigate Software Supply Chain Risk & Threat

Analyze both source code and binaries to take control of your software supply chain and eliminate the most costly and hard-to-find defects early in the development cycle.

Prevent Cybercrime and Insider Attacks in Your Company with Static Analysis

Read the document
Protecting Security-Sensitive Software From Spectre

Protection against Spectre attacks added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors.

Read Article
What's New in CodeSonar 4.5?

INTRODUCTION: The latest release of CodeSonar, version 4.5, has updates in key areas and innovations that include detecting insider attacks, a new Python API, and compiler model...

Read Article
Thwarting Insider Attacks with Advanced Static Analysis

INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...

Read Article
Thwarting Insider Attacks with Advanced Static Analysis

INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...

Read Article
Using CodeSonar for Software Supply Chain Risk Management

The software supply chain is a growing concern in software development. Security, in particular, of third party software is a risk that needs to be evaluated and managed. Binary code...

Read Article
Software Supply Chain: Risk and Reward

INTRODUCTION: The recent interest in the so called “software supply chain” highlights the growing importance of using and reusing existing software. Companies realize they need to buy...

Read Article
The Advantages of Hybrid Source and Binary Static Analysis

INTRODUCTION: GrammaTech brought unique binary code analysis to the market in 2013. Before then, the only option for binary analysis was to ship your code to specialists who would...

Read Article
Eliminating Vulnerabilities in Third-Party Code with Binary Analysis

Read the document
Reducing the Risk of the Software Supply Chain in Medical Devices

INTRODUCTION: Medical devices rely on third-party and in-house existing software as needed, to meet functionality, cost, and time-to-market concerns. Although software of unknown...

Read Article
How Vulnerable Are You?

INTRODUCTION: The promise of static analysis is compelling but our most frequently-asked question is, "Where do we start?" Security is a top-of-mind concern, so we are also frequently...

Read Article
Don’t trust any input! Prevent vulnerabilities from becoming exploits with tainted data analysis

INTRODUCTION: One of the most common attack vectors is user (or other) input into a system. It's very risky to assume that input is well-formed, yet people still do, and it is still a...

Read Article
2:32

CodeSonar's Visual Tainted Data Analysis

CodeSonar's tainted dataflow analysis allows you to explore potentially dangerous data flows in a clear, visual way.

Watch Video
GrammaTech Adds Hardening Techniques to Software Assurance Portfolio

Ithaca, NY — GrammaTech, a leading provider of software assurance, hardening, and cyber-security solutions, today announced the development of technologies for advanced software hardening. Most...

Read Article
Improving Quality and Security with Binary Analysis

INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial of the shelf (COTS) and free and open...

Read Article
Step Four: Security Assurance for IoT Devices - Assessing third party code

INTRODUCTION:

Read Article
Performing a Security Audit with CodeSonar

Inspired by a recent demonstration to a CodeSonar customer, I helped put together a 7-minute video on performing security audits with CodeSonar. Yes, I know what you're thinking... "7 minutes is...

Read Article
7:42

Performing a Security Audit with CodeSonar

In this tutorial, we describe how to approach security auditing, using CodeSonar.

Watch Video
The Sony Hack and Securing the Software Supply Chain

The latest attack on Sony Pictures by malicious hackers continues to evolve as an international story line. What we know at present is that the FBI has officially blamed North Korea for the attack...

Read Article
Loading More...

How To Mitigate Software Supply Chain Risk & Threat

Prevent Cybercrime and Insider Attacks in Your Company with Static Analysis

Protecting Security-Sensitive Software From Spectre

Protection against Spectre attacks added to GrammaTech’s Cyber Hardening Services for Intel and AMD processors.

What's New in CodeSonar 4.5?

INTRODUCTION: The latest release of CodeSonar, version 4.5, has updates in key areas and innovations that include detecting insider attacks, a new Python API, and compiler model...

Thwarting Insider Attacks with Advanced Static Analysis

INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...

Thwarting Insider Attacks with Advanced Static Analysis

INTRODUCTION: The security threat posed by insiders is often underestimated. According to an IBM study, 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people...

Using CodeSonar for Software Supply Chain Risk Management

The software supply chain is a growing concern in software development. Security, in particular, of third party software is a risk that needs to be evaluated and managed. Binary code...

Software Supply Chain: Risk and Reward

INTRODUCTION: The recent interest in the so called “software supply chain” highlights the growing importance of using and reusing existing software. Companies realize they need to buy...

The Advantages of Hybrid Source and Binary Static Analysis

INTRODUCTION: GrammaTech brought unique binary code analysis to the market in 2013. Before then, the only option for binary analysis was to ship your code to specialists who would...

Eliminating Vulnerabilities in Third-Party Code with Binary Analysis

Reducing the Risk of the Software Supply Chain in Medical Devices

INTRODUCTION: Medical devices rely on third-party and in-house existing software as needed, to meet functionality, cost, and time-to-market concerns. Although software of unknown...

How Vulnerable Are You?

INTRODUCTION: The promise of static analysis is compelling but our most frequently-asked question is, "Where do we start?" Security is a top-of-mind concern, so we are also frequently...

Don’t trust any input! Prevent vulnerabilities from becoming exploits with tainted data analysis

INTRODUCTION: One of the most common attack vectors is user (or other) input into a system. It's very risky to assume that input is well-formed, yet people still do, and it is still a...

CodeSonar's Visual Tainted Data Analysis

CodeSonar's tainted dataflow analysis allows you to explore potentially dangerous data flows in a clear, visual way.

GrammaTech Adds Hardening Techniques to Software Assurance Portfolio

Ithaca, NY — GrammaTech, a leading provider of software assurance, hardening, and cyber-security solutions, today announced the development of technologies for advanced software hardening. Most...

Improving Quality and Security with Binary Analysis

INTRODUCTION: Companies serious about quality, safety, and security need to manage the risks in their supply chain, including software such as commercial of the shelf (COTS) and free and open...

Step Four: Security Assurance for IoT Devices - Assessing third party code

INTRODUCTION:

Performing a Security Audit with CodeSonar

Inspired by a recent demonstration to a CodeSonar customer, I helped put together a 7-minute video on performing security audits with CodeSonar. Yes, I know what you're thinking... "7 minutes is...

Performing a Security Audit with CodeSonar

In this tutorial, we describe how to approach security auditing, using CodeSonar.

The Sony Hack and Securing the Software Supply Chain

The latest attack on Sony Pictures by malicious hackers continues to evolve as an international story line. What we know at present is that the FBI has officially blamed North Korea for the attack...