30 August 2021

GrammaTech CodeSonar 5.1 Available

(Ithaca/New York/USA, Offenburg/Germany, 21 June 2019)

GrammaTech has released version 5.1 of the static code analysis tool CodeSonar. The new version has the following new features and enhancements:
  • CodeSonar now integrates with the static analysis tool named Julia for the analysis of Java and C#
  • SARIF Support: SARIF is a new standard for representing the results of static analysis tools. As the standard has not been finalized yet, CodeSonar supports importing and exporting the 11/28 version. This is compatible with the version of SARIF exported by the Clang Static Analyzer.
  • Pylint Integration: CodeSonar now integrates with Pylint through SARIF. Warnings generated by Pylint can be imported into the CodeSonar user interface and managed just like other warnings.
  • HTML 5 Visualization: There is a new interface for browsing call trees, invokable from the info window. This functionality will be extended in future releases to replace the old Java-based visualization applet.
  • Enhanced Return Code Checking: The return code checker now covers many more functions than previously, covering libraries such as Qt, the GNU C Library, OpenSSL, the GLib GNOME Library, libPNG, and several others.
  • C++-17 Support: CodeSonar now has better compatibility with C++-17, as is used by newer
  • Decompiler for Intel 64-bit: The decompiler in CodeSonar for binaries can now show code decompiled from the Intel-64 instruction set architecture.

GrammaTech participates in the MISRA Committee / Merging of the MISRA C++ and AUTOSAR C++ Guidelines

(Ithaca/New York, Offenburg, 21 June 2019)

The MISRA Consortium recently announced the merger of MISRA C++ 2008 and AUTOSAR C++14 into a common guideline. This is positive news since it combines two key standards for coding in C++.
Verifysoft’s partner GrammaTech is an active participant in the MISRA committee and is collaborating in merging these standards.
GrammaTech’s Vice President of Engineering Paul Anderson is now an official member of the MISRA committee and will be working with the other members to develop new versions of the MISRA standards.

GrammaTech CodeSonar: Integration with Microsoft Visual Studio

(Ithaca/New York, 27 November 2018)

Microsoft Visual Studio is still a dominant IDE for developers of C, C++, Visual Basic and C# code. It is also popular for general C/C++ development even if the target application isn’t a Windows or .NET application. In fact, along with Eclipse, it’s a development environment in demand.
Paul Anderson, VP of Engineering at GrammaTech, explains in his latest publication how to integrate the Advanced Static Analysis Tool GrammaTech CodeSonar into Visual Studio.

Crank Software Achieved Great Results with GrammaTech CodeSonar

(Ithaca/New York/USA, 9 October 2018)

Crank Software's products and services enable R&D teams and user interface (UI) designers to quickly and collaboratively develop rich, animated UIs for resource-constrained embedded devices.
Software quality and security are paramount for Crank Software. In addition, they must deliver their software with the same level of quality on over 55 different target hardware platforms.
In order to achieve their quality goals, Crank Software’s development team is using CodeSonar’s advanced static analysis capability to help find and fix quality and security issues within their code. In particular, they were looking for tools that could be dropped into their process and would quickly create improvements.
Crank’s development teams integrated CodeSonar into their production process; static analysis is used as soon as code is created or changes are made. Since issues are being caught and fixed very early in the coding process, they are seeing quantifiable results. CodeSonar is well suited for analyzing code right as it understands the code given sufficient information such as header files for the embedded OS.
As a result of their use of CodeSonar, they’ve also improved their end product, and Crank Software is better positioned for the certifications needed to drive greater adoption.
Learn more: GrammaTech Blog

Release of CodeSonar 5.0 with many highlights

(Ithaca/New York/USA, Offenburg, 20 August 2018)

GrammaTech releases version 5.0 of the Static Code Analysis Tool CodeSonar. Increased language coverage with C#, support for Microsoft Visual Studio, Chinese language support, a new copy and paste checker and a binary code analysis decompiler increase the reach of CodeSonar across the enterprise. Further new features are:
  • C# Analysis with FxCop
  • Eclipse Integration
  • C++ Compatibility
  • Role-based Access Control Improvements
  • Copy-Paste Error Plug-in
  • Floating Point Warning Classes
  • SARIF Importer Plug-In

24/7 online training for GrammaTech CodeSonar available

Online training for GrammaTech CodeSonar is available. You have access to helpful webinars and tutorials 24 hours per day, 7 days a week. The price for this training depends on the license and the number of users.
Please contact us for pricing.

GrammaTech Extends the Reach of Static Analysis by Combining Static Analysis for Source and Binary with Dynamic Analysis

(Ithaca, New York/USA, Offenburg/Germany, 16 February 2018)

GrammaTech will soon release two new tools to find more bugs earlier and fix them more quickly: CodeSonar/Libraries and CodeSonar/X.
CodeSonar is the first static analysis tool that can extend source code static analysis into libraries that are only available in binary form through its CodeSonar/Libraries plugin. The tool adds the capability to seamlessly switch between source and binary analysis as it examines possible paths through the program. This results in a net increase of the number of problems detected in the user’s source code. Many software development projects use binary libraries with content from third party vendors, or from existing legacy code. Examples of these include firmware, operating system libraries, graphical user interface subsystems, or middleware layers such as CORBA, DDS, MQTT or others.
CodeSonar/X is a ground-breaking new capability connecting static analysis with dynamic analysis to help software developers improve efficiency, further reduce risk and decrease time-to-market. This plug-in for GrammaTech’s CodeSonar reports state corruptions during host-based testing by monitoring memory access. It combines static and dynamic violations and reports them in the CodeSonar User Interface, helping engineers correlate and prioritize.
CodeSonar/Libraries is available now, with CodeSonar/X following later this year.

VDC Research Report: Market for Automated Testing and Static Analysis Tools Growing

(Ithaca, New York/USA, Offenburg/Germany, 15 December 2017)

The VDC report entitled "The Global Market for Automated Software & Security Testing Tools" states that the market for testing tools is increasing and that software developers are accepting the fact that finding and fixing bugs and security vulnerabilities early has huge benefits in terms of cost, time and product quality and security.
According to the report, 82.3% of static analysis tools used in the enterprise and IT market, as well as 45.5% in the embedded and IoT market, are focused on security.
Unfortunately, despite this growth, security risk mitigation is still not being addressed enough in embedded projects. Only 22.9% of embedded/IoT engineers are not taking any actions to address potential issues on current projects. It is important that embedded and IoT manufacturers take more action on securing their devices.
The VDC report has numerous findings about the automated testing market as a whole.
Some interesting points made in the report related to static analysis include the following:
  • A general recommendation to include static analysis as part of an automated testing portfolio
  • Static analysis tools are often easier to adopt than other automated testing tools, making them a good entry point for adoption
  • The re-use/use of third party code in embedded projects continues to grow and the adoption of binary static analysis, although initially small, is growing rapidly.
More information: GrammaTech Blog

GrammaTech CodeSonar 4.5 with Focus on Cybersecurity Released

(Ithaca, New York/USA, Offenburg/Germany, 29 November 2017)

Version 4.5 of the Static Code Analysis Tool GrammaTech CodeSonar is now available. The new version comes with a rapid development environment, new secure coding checkers to thwart cybercrime, and improved floating point support.

CodeSonar 4.5 brings a comprehensive set of enhancements and a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs, which have been introduced in the latest version, help software teams to rapidly build domain-specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers.
Improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations. In order to help combat the rise of cybercrime within companies, new checkers detect malicious code that has purposely or inadvertently been added into code. 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior) according to an IBM study. Suspicious code is highlighted by the new checkers before it can pose a problem in deployed systems. A 30-day free trial of CodeSonar 4.5 is available on demand.

VDC Research Highlights Cybersecurity Concerns in Industry 4.0

(Offenburg/Germany, Ithaca, New York/USA, 15 August 2017)

As more companies have Industry 4.0 initiatives underway to refine and accelerate the realization of the smart factory vision, new data from VDC research indicates that these systems and software teams aren't taking enough precautions for security protection.
VDC recommends adopting a "secure by design" approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security.

GrammaTech announced CodeSonar 4.5 with Risk Dashboard

(Ithaca, New York/USA, Offenburg/Germany, 9 March 2017)

GrammaTech today announced the availability of the CodeSonar Risk Dashboard in CodeSonar 4.5. This new version of the leading static analysis tool will be released in the second calendar quarter of 2017.
The Risk Dashboard is a new capability which provides executives with an immediate read-out of the level of outstanding security risks in their projects. It provides the data needed to improve decision-making concerning security investments. The Risk Dashboard supports both source and binary analysis. It can be used to measure risks during the software development phase and in deployment environments.

GrammaTech Named to 50 Most Promising IoT Solution Providers

(Ithaca, New York/USA, Offenburg/Germany, 23 January 2017)

GrammaTech was named to CIO Review Magazine’s list of 50 Most Promising IoT Solution Providers of the year for 2016. The list of companies was selected by a panel of experts and members of CIO Review’s editorial board; GrammaTech’s IoT solutions were selected based on their ability to deliver exceptional value in today’s IoT-driven marketplace. Derived from deep innovation and intensive research in software analysis and software hardening, GrammaTech’s solutions are designed to address today’s most challenging software issues.
Today, more systems are controlled by software, more devices are connected, and more software is susceptible to attack. Developers need better tools to be able to deliver connected devices that are secure.
Unlike other traditional tools vendors, GrammaTech’s mission includes a research arm with over 20 PhDs focused on advancing the state-of-the-art in software analysis and protection. Through highly innovative research programs advancing techniques and technologies in software analysis, transformation, monitoring, and autonomic functions, GrammaTech’s software scientists are solving the software issues impacting the embedded, M2M, and IoT equipment markets.

GrammaTech CodeSonar 4.4 Available

(Ithaca, New York/USA, Offenburg/Germany, 2 November 2016)

Version 4.4 of GrammaTech CodeSonar is available. The release comes with the following enhancements:
  • 18 new warning classes for MISRA C/C++
  • New versions of FindBugs and PMD introduce many new warnings for Java.
  • Better handling of C++14 constructs
  • Compiler vendor extensions including Microsoft Visual Studio 2015 toolchain.

GrammaTech Recognized in Silicon Review's 50 Smartest Companies of the Year

(Ithaca, New York/USA, Offenburg/Germany, 6 October 2016)

GrammaTech was recognized in the Silicon Review as one of the 50 Smartest Companies of 2016. Silicon Review is a preeminent business and technology magazine for tech decision makers and enterprise IT professionals. GrammaTech was selected among companies around the world with software solutions that drive business value in the evolving technical IoT landscape.
GrammaTech excels with strong software assurance innovations in static analysis of source and binary code.
GrammaTech’s software scientists are pushing the boundaries of software analysis and hardening techniques and technologies with the objective of helping commercial manufacturers eliminate critical software defects from increasingly complex IoT device software.

GrammaTech Starts Work on Advanced Analysis Engine for a Predictive Auto-Complete and Auto-Correct Code (DARPA’s PLINY Project)

(Ithaca/New York, 30 April 2015)

GrammaTech has begun work on PLINY, a joint effort among GrammaTech and three universities, with the goal to automatically detect program defects, suggest program repairs, and complete program drafts. PLINY is part of DARPA’s (Defense Advanced Research Projects Agency) Mining and Understanding Software Enclaves (MUSE) program.
This initiative seeks to gather hundreds of billions of lines of publicly available open-source computer code to mine in an effort to create a searchable database of properties, behaviors, and vulnerabilities.
GrammaTech’s static code analysis tool CodeSonar will be at the center of the effort to generate features. CodeSonar has extraordinary scalability, and an analysis engine with proven capabilities for discovering subtle program properties.

GrammaTech Announces an increase of 60% in CodeSonar annual Sales

(Ithaca/New York, Offenburg/Germany, 18 September 2014)

More and more customers from Aerospace, Automotive, Medical, Military, and Telecom Industries rely on the expertise of GrammaTech’s CodeSonar, a leading Static Code Analysis tool. Today GrammaTech announced a 60 percent increase in annual sales for its fiscal year, which closed on July 31.
GrammaTech’s success has been driven by new capabilities in CodeSonar for achieving standards compliance, eliminating multi-core issues, analyzing third-party code as well as improving software security by addressing dangerous information flows. CodeSonar is designed for failure-intolerant embedded environments. The tool analyzes both source code and binaries and identifies serious security and quality liabilities. Vulnerabilities, system crashes and unexpected behaviour at runtime as a result of e.g. memory corruption, leaks, data races, and other bugs can be avoided early in the development process.
For companies that would like to increase their software quality, we propose static analysis with CodeSonar. Please ask for a free evaluation and ask about our interesting license models.

GrammaTech President Thomas Reps Elected to Academia Europaea

(Ithaca, New York/USA, 24 October 2013)

GrammaTech, Inc., announced that Europe’s foremost thought-leadership academy, the Academia Europaea, has elected Dr. Thomas Reps, President and Co-Founder of GrammaTech, to be a foreign member in the Informatics division. Academy members rarely include scholars who are residents in other regions of the world. Only nine of 3,000 members of the Informatics division are from the United States.
"The invitation by Academia Europaea honors Tom’s groundbreaking research on automated program analysis, computer security, and model checking based on his work at University of Wisconsin and GrammaTech," stated fellow member of the academy, Prof. Dr. Dr. h.c. Reinhard Wilhelm of the Saarland University in Saarbrücken, Germany.
The Academy’s mission is to encourage the highest possible standards in scholarship, research, and education, while promoting interdisciplinary and international research in all areas of learning.

GrammaTech Selected by the U.S. Navy to Improve Software Security

(Ithaca, New York/USA, 19 August 2013)

GrammaTech has been selected by the U.S. Navy to develop a tool that will provide computer systems with the ability to understand and react to malicious attacks, and then continue running safely. In this project, GrammaTech researchers will use a combination of automatic program analysis and manual tuning techniques to develop a tool for creating a model of a system’s intended behavior, capturing its most important properties and determining what low-level events must be tracked in order to observe the system’s critical behavior.
The development of this tool will provide security-critical systems with an extra layer of protection against attacks, including attacks that don’t involve unusual system call activity. The technology will be immediately useful to branches of the government, financial institutions, and any companies whose systems require strenuous security protection.