Feb 27, 2018 SOURCE: PR NewsWire

GrammaTech Extends the Reach of Static Analysis

NUREMBERG, Germany, Feb. 27, 2018 /PRNewswire/ -- Engineers, engineering managers and executives involved in building safety and security critical embedded systems will soon have two new tools available to find more bugs earlier, and fix them quicker. GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, today announced two new products: CodeSonar/Libraries and CodeSonar/X.

CodeSonar is the first static analysis tool that can extend source code static analysis into libraries that are only available in binary form through its CodeSonar/Libraries plugin. Other static analysis tools for source code ignore calls into binary libraries -- effectively treating those calls as if they were not there. With 25% of embedded projects utilizing third party libraries, according to VDC Research, this simplification easily leads to undetected problems (false negatives). Proper reasoning about the source code requires interpreting effects of the library code. This simplification also misses problems caused by misuse of the library API. CodeSonar/Libraries adds the capability to seamlessly switch between source and binary analysis as it examines possible paths through the program. This results in a net increase of the number of problems detected in the user's source code. Many software development projects use binary libraries with content from third party vendors, or from existing legacy code. Examples of these include firmware, operating system libraries, graphical user interface subsystems, or middleware layers such as CORBA, DDS, MQTT or others.

CodeSonar/X is a ground-breaking new capability connecting static analysis with dynamic analysis to help software developers improve efficiency, further reduce risk and decrease time-to-market. This plug-in for GrammaTech's CodeSonar reports state corruptions during host-based testing by monitoring memory access. It combines static and dynamic violations and reports them in the CodeSonar User Interface, helping engineers correlate and prioritize.

"The use of libraries as well as state corruption due to buffer overruns are often blind spots for software development teams," says Mark Hermeling, Senior Director Product Marketing at GrammaTech, Inc. "Incorrect use of libraries can lead to difficult to detect run-time errors, while a missed buffer overrun can lead to a cyber vulnerability, which can have a severe impact on safety and security critical devices. CodeSonar/Libraries and CodeSonar/X demonstrate GrammaTech's innovation and thought leadership in the field of static analysis for devices where failure is not an option."

CodeSonar/Libraries is available now, with CodeSonar/X following later this year. Existing customers can contact GrammaTech for access to these ground-breaking technologies. For more information, visit GrammaTech and partner VerifySoft at Booth 4-423, or attend their exhibitor presentation "Static Analysis++" on 28.02.2018 at 10.00-10.30 in Hall 4, stand 4-328.

This material is based upon work supported by the U.S. Department of Homeland Security under Contract No. HSHQDC-16-C-00099. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the U.S. Department of Homeland Security.

About GrammaTech

GrammaTech's advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.

View original content with multimedia:http://www.prnewswire.com/news-releases/grammatech-extends-the-reach-of-static-analysis-300604327.html

SOURCE GrammaTech

Related News

GrammaTech Awarded DARPA Research Contract for AI-Augmented Software Development

GrammaTech Reports 2020 Business Results

GrammaTech Executive to Present Session on Hazards of Misusing Software Metrics at embedded world 2022

GrammaTech Introduces Shift Left Academy

GrammaTech VP of Engineering Emeritus to Present Session on Challenges of Providing Software Bills of Materials at embedded world 2023

GrammaTech CodeSentry Enhances Software Bill of Materials Capabilities to Improve Software Supply Chain Security

Lynx Software Technologies Selects GrammaTech CodeSonar to Ensure the Safety and Security of Mission Critical Military Aerospace Applications

GrammaTech and NetSPI Partner to Offer Defensive and Offensive Application Security Solutions

View all News

Latest Procurements

Herbicide resistance status of grain and cotton cropping regions - strategic insights for RDE

Photo Award Submission Management System

Provision for a SaaS Photo Management System

Employee Assistance Program (EAP)

The procurement project NS1230 for the Employee Assistance Program (EAP) underscores ABC's unwavering commitment to employee well-being and organisational resilience. The main purpose of this project is to secure a...

View all Procurementsp