logo

13 Januar 2017


Newsletter



VDC Research Report: Market for Automated Testing and Static Analysis Tools Growing

(Ithaca, New York/USA, Offenburg/Germany, 15 December 2017)

The VDC report entitled "The Global Market for Automated Software & Security Testing Tools" states that the market for testing tools is increasing and that software developers are accepting the fact that finding and fixing bugs and security vulnerabilities early has huge benefits in terms of cost, time and product quality and security.
According to the report, 82.3% of static analysis tools used in the enterprise and IT market, as well as 45.5% in embedded and IoT market, are focused on security.
Unfortunately, despite this growth, security risk mitigation is still not being addressed enough in embedded projects. Only 22.9% of embedded/IoT engineers is not taking any actions to address potential issues on current projects. It is important that embedded and IoT manufacturers take more action on securing their devices.
The VDC report has numerous findings about the automated testing market as a whole.
Some interesting points made in the report related to static analysis include the following:
  • A general recommendation to include static analysis as part of a automated testing portfolio
  • Static analysis tools are often easier to adopt than other automated testing tools making them a good entry point for adoption
  • The re-use/use of third party code in embedded projects continues to grow and the adoption of binary static analysis, although initially small, is growing rapidly.
More information: GrammaTech Blog

GrammaTech CodeSonar 4.5 with Focus on Cybersecurity Released

(Ithaca, New York/USA, Offenburg/Germany, 29 November 2017)

Version 4.5 of the Static Code Analysis Tool GrammaTech CodeSonar is now available. The new version comes with a rapid development environment, new secure coding checkers to thwart cybercrime, and an improved floating point support.

CodeSonar 4.5 brings a comprehensive set of enhancements and a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs which have been introduced in the latest version help software teams to rapidly build domain specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers.
Improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations. In order to help combat the rise of cybercrime within companies, new checkers detect malicious code that has purposely or inadvertently been added into code. 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior) according to an IBM study. Suspicious code is highlighted by the new checkers before it can pose a problem in deployed systems. A 30-day free trial of CodeSonar 4.5 is available on demand.

Testwell CTC++ adapted for IAR Workbench 8.0

(Offenburg/Germany, 23 November 2017)

Verifysoft has released a new adaptation for Testwell CTC++ Test Coverage Analyser for IAR Embedded Workbench. Now also the latest version 8.0 of IAR Embedded Workbench is supported.
Testwell CTC++ can be used with all embedded targets and all compilers. The adaptation to new compilers is easy.

Release of Elvior TestCast T3 version 6.12.1

(Tallinn/Estland, Offenburg/Germany, 10 October 2017)

Elvior has released a new version of the test execution tool TestCast with the following features:
  • ETSI ES 201 873-1 4.9.1 support (TTCN-3:2017)
  • File system monitoring
  • Asynchronous TLI
ECTC

Testwell tools at the Embedded Connectivity and Tech Conference in India

(Offenburg/Germany, Bangalore/India)

Lexington Soft Private Limited is representing Verifysoft in India. UBM India will be organising Embedded Connectivity and Tech Conference to be held on September 28-29, 2017 in Bangalore, India. Whether it's embedded hardware design or the Internet of Things (IoT), ECTC showcases emerging trends and innovations that will set the tone for the embedded systems industry in 2017 and beyond. With over 200 of attendees and numerous speakers set to meet face-to-face, ECTC is a must attend opportunity for embedded systems professionals to accelerate industry knowledge and network.
Shanghai

Shanghai 25th-26th October: Verifysoft presents Testwell CTC++ at Embedded ECU ISO26262 and Integration Testing Workshop

(Offenburg/Germany, Beijing/China)

Testwell CTC++ Code Coverage Analyser will be presented at Embedded ECU ISO26262 and Integration Testing Workshop on 25th-26th October 2017 in Shanghai.
The workshop is being organized by the partner of Verifysoft, Beijing Siener Electronics Tech. Development Ltd. and is dedicated to Software Testing for embedded safety-critical systems.
Verifysoft will present Code Coverage requirements for ISO 26262, the principles and key points in measuring code coverage with Testwell CTC++, the leading Code Coverage Analyzer in automotive industry.

VDC research reports on Industry 4.0 security concerns

VDC Research Highlights Cybersecurity Concerns in Industry 4.0

(Offenburg/Germany, Ithaca, New York/USA, 15 August 2017)

As more companies have Industry 4.0 initiatives underway to refine and accelerate the realization of the smart factory vision, new data from VDC research indicates that these systems and software teams aren't taking enough precautions for security protection.
VDC recommends adopting a "secure by design" approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. > more information
Read the VDC Report here.

Testwell CTC++ is now transparently integrateable into Cygwin Toolchains

(Offenburg/Germany, 7 July 2017)

Testwell CTC++ now includes a native support for Cygwin-Toolchains. This also means that Cygwin is now as easy to use with Testwell CTC++ as if one would work with native Windows- or MinGW-Toolchains.
Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment. Thus it is possible to launch Windows applications from the Cygwin environment, as well as to use Cygwin tools and applications within the Windows operating context.
Testwell CTC++ is a leading code coverage tool for safety and security critical embedded software development.

Testwell CTC++ Plugin integrates Code Coverage in Microchip’s MPLAB X

(Offenburg/Germany, 14 June 2017)

The new plugin CTC4MPlabX allows Testwell CTC++ to be used with MPLAB-X, and all of Microchip's latest compilers: xc8, xc16, and xc32.
In addition to that, and thanks to the plugin we developed for the IDE, code coverage can now be measured without complicated command line tricks: everything is done on a click of a button!
Thanks to Testwell CTC++ and its bitcov addon, code coverage can now be measured on all PICs in a split second, no matter if 8, 16, or 32 bits, and this with a very low memory footprint!

Testwell CTC++ 8.2 Available: Now also with JSON output Format

(Offenburg/Germany, Tampere/Finland, 16 May 2017)

Version 8.2 of Testwell CTC++ introduces JSON (JavaScript Object Notation) coverage reports. These coverage reports are similar to XML reports, but easier and faster to process in Javascripts.
There are also enhancements that are mainly focused on various advanced use cases as well as some corrections of bugs found since the previous version.
> more information

Release of Elvior TestCast T3 Version 6.11.2

(Tallinn/Estland, Offenburg/Deutschland, 27. April 2017)

Elvior has released a new version of the test execution tool TestCast with the following features:
  • ETSI ES 201 873-9 4.7.1 support (using XML schema with TTCN-3)
  • Support for external library modules (Math, String, DateTime)
  • Log synchronization - enables test session logs usage during runtime
  • Improved detection of uninitialized values in compile time
  • When a disallowed operation is detected during a blocking call in runtime, the name of the operation is printed in the exception message
Testwell CTC++ Customer Testimonial from ISD

“Testwell CTC++ gives us what we need while keeping the process simple”: New Testwell CTC++ customer testimonial from medical industry (ISD, Sri Lanka)

(Offenburg/Germany, Colombo/Sri Lanka, 11 April 2017)

Testwell CTC++ gives us what we need while keeping the process simple” says Harin de Silva, Technical Manager at ISD, who has given us an insight into the software testing demands for medical solutions and explained why they are using Testwell CTC++ for measuring code coverage.
In the following Customer Testimonial Mr. Harin de Silva talks about advantages of Testwell CTC++: “We chose Testwell CTC++ in order to aid us in the unit tests and verification. (...) One of the biggest challenges that we had was the limited memory in our systems. Testwell CTC++ required a very small footprint for its instrumentation and the Host target add-on makes integrations to any system easy. The important point here is that we don’t have any restrictions with compilers, IDEs or debug tools. We are able to use Testwell CTC++ without changing our development process drastically…”
>Read full Customer Testimonial here

GrammaTech announced CodeSonar 4.5 with Risk Dashboard

(Ithaca, New York/USA, Offenburg/Germany, 9 March 2017)

GrammaTech today announced the availability of the CodeSonar Risk Dashboard in CodeSonar 4.5. This new version of the leading static analysis tool will be released in the second calendar quarter of 2017.
The Risk Dashboard is a new capability which provides executives with an immediate read-out of the level of outstanding security risks in their projects. It provides the data needed to improve decision-making concerning security investments. The Risk Dashboard supports both source and binary analysis. It can be used to measure risks during the software development phase and in deployment environments.

Imagix 4D releases Imagix 4D version 9.0: Introduction of a review tool and checklist for Common Weakness Enumeration (CWE)

(San Luis Obispo/USA, Offenburg/Germany, 6 march 2017)

Imagix 4D Version 9.0 is now available. The new version introduces a review tool for guided checklist reviews and adds a checklist for Common Weakness Enumeration (CWE) testing. The performance of the flow check reports has been dramatically improved. The functionality of the calculation tree data flow visualizer has been expanded.

Testwell CMT++ Version 6.0.1 available

(Tampere/Finland, Offenburg/Germany, 6 March 2017)

The new version 6.0.1 Testwell CMT++ with smaller bug-fixes is now available for download. Further informations: Testwell CMT++ 6.0.1 Release-Notes

Release of Elvior TestCast T3 Version 6.11.1

(Tallinn/Estonia, Offenburg/Germany, 21 February 2017)

Elvior has released a new version of the test execution tool TestCast with the following features:
  • Function for TCI value conversion to XML.
  • Test case duration added to session reports.
  • Faster XML decoding.
  • Improved support for detection of unreferenced external module parameters etc.

GrammaTech Named to 50 Most Promising IoT Solution Providers

(Ithaca, New York/USA, Offenburg/Germany, 23 January 2017)

GrammaTech was named to CIO Review Magazine’s list of 50 Most Promising IoT Solution Providers of the year for 2016. The list of companies was selected by a panel of experts and members of CIO Review’s editorial board; GrammaTech’s IoT solutions were selected based on their ability to deliver exceptional value in today’s IoT-driven marketplace. Derived from deep innovation and intensive research in software analysis and software hardening, GrammaTech’s solutions are designed to address today’s most challenging software issues.
Today, more systems are controlled by software, more devices are connected, and more software is susceptible to attack. Developers need better tools to be able to deliver connected devices that are secure.
Unlike other traditional tools vendors, GrammaTech’s mission includes a research arm with over 20 PhDs focused on advancing the state-of-the-art in software analysis and protection. Through highly innovative research programs advancing techniques and technologies in software analysis, transformation, monitoring, and autonomic functions, GrammaTech’s software scientists are solving the software issues impacting the embedded, M2M, and IoT equipment markets.

Testwell CTC++ 8.1 Available

(Offenburg/Germany, Tampere/Finland, 13 January 2017)

Version 8.1 of Testwell CTC++ contains the following enhancements (partial list):
  • More robust behaviour, for avoiding certain problems, in a situation when two threads of an instrumented program trigger coverage data write-out at a same time.
  • The coverage report can now be restricted also by header files
  • For installation of the Visual Studio IDE Integration there is improved modify_msbuild_path.bat for better C# Framework64 support
> more information