Interview with Verifysoft Technology
Offenburg / Germany, March 2023
Verifysoft supports software development companies with tools that ensure high quality in software development. Their testing and analysis tools uncover errors in computer programs and provide an overview of whether the software has been sufficiently tested.
Since its foundation in 2003, Verifysoft has grown steadily. The tools are used by more than 700 companies on all continents to improve the quality of their software.
Read the full interview with Verifysoft-CEO Klaus Lambertz here.
SBOMs and Four Pillars for Managing Medical Device Software Security
Offenburg / Germany, July 2022
Medical devices, which are more complex than ever, face new security challenges, especially since they are connected to the outside world for remote access and monitoring, or used in home care applications. These risks increase the stakes in terms of product safety liability for manufacturers, as security vulnerabilities can impact human lives.
Unlike enterprise and government technology, where cybersecurity has been a mainstay for years, product security is a relatively new discipline for medical device manufacturers. Meanwhile, the use of third-party software, including open-source components and libraries, in connected devices further raises the ante, making software supply-chain security increasingly critical.
Using the CVSS to Secure the Software Supply Chain
Offenburg / Germany, June 2022
It’s easy for security teams and software developers to be overwhelmed by the endless stream of software vulnerabilities reported across the hundreds of applications used by a typical large enterprise. But not all software vulnerabilities are created equal, and not all need immediate attention.
Understanding which ones pose a clear and present security risk if they are not remediated is critical to securing the software supply chain. This is where vulnerability scoring can help prioritize mitigation planning and management.
How SBOMs Reduce Software Procurement Risk and Improve Enterprise Security
Offenburg / Germany, May 2022
As part of Solutions Review’s Premium Content Series—a collection of contributed columns written by industry experts in maturing software categories—Mike Dager, the Chief Executive Officer of GrammaTech, shares some insights on the enterprise security benefits that software bills of materials (SBOMs) can offer to supply chain professionals.
Supply chain professionals should be familiar with a bill of materials (BOM), which is used to build quality products and support the procurement, inventory management, and resolution of problems involved in creating those products. A BOM is also used to manage parts and maintenance supplies when buying products. However, software procurement is often more concerned with licensing terms, security requirements, pricing, maintenance, and support needs. ...
9 tips for better code coverage measurement
Offenburg / Germany, May 2022
Measuring code coverage is increasingly important for embedded systems but requires some experience. This is because there are a few hurdles to overcome, especially with small targets. However, with the right approaches and suitable tools, measuring test coverage is possible without excessive effort. Nine practical tips help you get started.
Measuring test coverage, also known as code coverage, is becoming increasingly important for embedded systems. In many cases, these devices are critical to safety or business. Processes are based on IoT devices, patients rely on working pacemakers and intelligent insulin pumps, and automotive and aviation are no longer conceivable without embedded software. This list could be continued almost endlessly.
Measuring code coverage for embedded software
Offenburg / Germany, April 2022
Embedded software has long been used for critical applications where safety is highly important. As embedded devices are often clients that are connected with other devices on the Internet of Things (IoT), security aspects need to be considered as well. This means that the quality of embedded devices is extremely important – both from a security point of view and from a functional safety point of view.
For safe and reliable embedded devices, testing is an indispensable part of quality assurance. It is not without reason that the standards for safety-critical software development set precise requirements for test methods and test coverage.
How a DevSecOps approach improved security in iris recognition systems
Offenburg / Germany, December 2021
A look at DevSecOps best practice and use of static application security testing (SAST) as part of the software development lifecycle at Iris ID, who provide iris recognition for state-of-the-art access control and sensitive biometric authentication applications. ...
We chose CodeSonar from GrammaTech because it met the above criteria as we implemented a DevSecOps approach. CodeSonar could both identify code issues and also provide explanations to developers so they could fix problems. This enables our global development teams to not only avoid making mistakes, but learn from past errors so they don’t crop up again.
Software quality demands both static code analysis and dynamic testing
Offenburg / Germany, December 2021
Increased recall campaigns, delayed deliveries, difficulties in delivering the promised functions on time: software quality is not a given. The development of good software is only possible through consistent action, adherence to standards and the use of mature test and quality assurance tools. Bad software leads to monetary losses and deterioration of the corporate image. Embedded software is even more critical, as it is mostly used in safety-critical applications. Here, software errors can endanger human lives and must therefore be avoided at all costs. For this reason, standards like ISO 26262, IEC 61508 or DO-178C have strict requirements regarding the quality of development and testing of software.
10 Criteria for selecting a Code Coverage Tool
Offenburg / Germany, September 2021
Particularly in safety-critical software development, industry standards prescribe precise requirements for code coverage, so that products cannot be certified here without proof of sufficient test coverage. But also in other development projects, companies increasingly attach great importance to software quality and measure code coverage.
Various code coverage analyzers are available on the market for measuring code coverage. They differ significantly in terms of handling and quality.
Top 5 'Need to Know' Coding Defects for DevSecOps
Offenburg / Germany, September 2021
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster. Security practitioners are accustomed to intervening at the end of the software development process to identify security vulnerabilities, many of which could have been prevented with earlier intervention. To address this problem, developers who are already under pressure to deliver increasingly complex software faster and less expensively are being recruited to implement security earlier in the development cycle under the "shift-left" movement. To understand the obstacles facing developers in meeting new security requirements, consider the five most common coding defects and how to address them.
