GrammaTech CodeSonar in the News
Further press articles:
Testwell CTC++ Testwell CMT++/CMTJava Imagix4D GrammaTech CodeSonar GrammaTech CodeSentry Conformiq Elvior TestCast Verifysoft/General All Press Articles
This are only some of all GrammaTech CodeSonar news in English languageMore GrammaTech news are available in German
(Ithaca/New York/USA, 8 January 2021)
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster. Security practitioners are accustomed to intervening at the end of the software development process to identify security vulnerabilities, many of which could have been prevented with earlier intervention. To address this problem, developers who are already under pressure to deliver increasingly complex software faster and less expensively are being recruited to implement security earlier in the development cycle under the "shift-left" movement. To understand the obstacles facing developers in meeting new security requirements, consider the five most common coding defects and how to address them.
Read the entire article here.
(Ithaca/New York, Offenburg, 4 February 2019)
Software development and quality managers that are looking to measure the benefit of static analysis can now use BugInjector, a tool that can inject Common Weakness Enumeration (CWE) based bug patterns into existing code bases, thus delivering real-world benchmarks. This independent real-world benchmarks have been created by GrammaTech under contract for the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and are now available in the Software Assurance Marketplace (SWAMP) at no cost.
"There is an urgent need for benchmarks, such as those from GrammaTech, to allow software developers to evaluate static analysis tools in a comprehensive and real-world setting," says Barton Miller, Professor of Computer Sciences at the University of Wisconsin – Madison and Chief Scientist of SWAMP. "Also, developers of static analysis tools now have the ability to enhance their tools or benchmark new static analysis technologies with realistic test cases. Integrating these benchmarks into the SWAMP platform increases their effectiveness and availability."
Read the post here.
With this integration, software developers can annotate and resolve the software vulnerabilities that CodeSonar highlights without leaving the Wind River Workbench development environment, thereby significantly boosting productivity. Supporting the native Wind River VxWorks® real-time operating system as well as the POSIX API, CodeSonar provides advanced, whole program static analysis of application software and device drivers running in either kernel or user mode. For developers of complex Internet of Things (IoT) devices, CodeSonar delivers a must-have capability as it finds security and quality problems as well as problems specific to multi-core development such as deadlocks, livelocks, resource starvation, and race conditions. CodeSonar identifies bugs that can result in system crashes, unexpected behavior, and security breaches, reducing the risk of shipping costly, brand-damaging defects. It finds these bugs during the development phase, before software is tested, thereby saving cost and time.
Read full text here or watch the demo video.
Perhaps the most relevant point is the role static analysis plays in a security-first software design, which is critical in today´s connected and complex operating environment..... Electronicsweekly.com, 05. April 2017
Manufacturers need to carefully evaluate the cyber threats and the level of exposure of IoT devices. New levels of software integrity can only be achieved if teams can eliminate both accidental coding errors and intentional design-in vulnerabilities, through efficient analysis techniques suitable for the typical highly complex applications of today.
Powered by the forces of the cloud, connected endpoints, wireless technologies, and big data, the Internet of Things (IoT) evolution is forming a perfect storm for software engineering teams. This single, transformative force is bigger than anything in the history of tech industry, fueling an unparalleled consumer- oriented features race, expected to advance at an incredible rate over the next decade. ...
boards & solutions + ECE March 2017 (PDF)
Ithaca, NY — GrammaTech, Inc., a leading maker of tools that improve and accelerate software development, today announced that CodeSonar, the company's flagship static analysis product, has been certified by SGS TÜV Saar GmbH for use in the development of safety-critical software according to several international standards: ISO 26262, IEC 61508 and EN 50128. These three standards were designed to define the functional safety of electronics throughout their lifecycle within automotive systems, medical devices, and railway applications, respectively.
Professional Tester, 2 July 2014
GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today introduced the industry´s first visual taint analysis technology. Available in CodeSonar, GrammaTech´s flagship static analysis product, this innovation combines advanced tainted dataflow analyses with GrammaTech´s proprietary visualization engine, to clearly display notoriously hard-to-find tainted data pathways in embedded systems. ... Professional Tester, 25 February 2014
After successfully adapting CodeSonar to check for the NASAderived rules, GrammaTech transitioned the changes into its commercial version of the product in 2008. ...
NASA Spinoff 2011
Recently, a new breed of static analysis tools has emerged that can find flaws without writing any test cases. ...
Embedded Technology March 2008