27 April 2021
VDC Research Report: Market for Automated Testing and Static Analysis Tools Growing
(Ithaca, New York/USA, Offenburg/Germany, 15 December 2017)
The VDC report entitled "The Global Market for Automated Software & Security Testing Tools" states that the market for testing tools is increasing and that software developers are accepting the fact that finding and fixing bugs and security vulnerabilities early has huge benefits in terms of cost, time and product quality and security.
According to the report, 82.3% of static analysis tools used in the enterprise and IT market, as well as 45.5% in the embedded and IoT market, are focused on security.
Unfortunately, despite this growth, security risk mitigation is still not being addressed enough in embedded projects. Only 22.9% of embedded/IoT engineers are not taking any actions to address potential issues on current projects. It is important that embedded and IoT manufacturers take more action on securing their devices.
The VDC report has numerous findings about the automated testing market as a whole.
Some interesting points made in the report related to static analysis include the following:
- A general recommendation to include static analysis as part of an automated testing portfolio
- Static analysis tools are often easier to adopt than other automated testing tools, making them a good entry point for adoption
- The re-use/use of third party code in embedded projects continues to grow and the adoption of binary static analysis, although initially small, is growing rapidly.
GrammaTech CodeSonar 4.5 with Focus on Cybersecurity Released
(Ithaca, New York/USA, Offenburg/Germany, 29 November 2017)
Version 4.5 of the static code analysis tool GrammaTech CodeSonar is now available. The new version comes with a rapid development environment, new secure coding checkers to thwart cybercrime, and improved floating point support.
CodeSonar 4.5 brings a comprehensive set of enhancements and a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs which have been introduced in the latest version help software teams to rapidly build domain specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers.
Improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations. In order to help combat the rise of cybercrime within companies, new checkers detect malicious code that has purposely or inadvertently been added into code. 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior) according to an IBM study. Suspicious code is highlighted by the new checkers before it can pose a problem in deployed systems. A 30-day free trial of CodeSonar 4.5 is available on demand.

GrammaTech CodeSonar analyses Objective-C Code
(Ithaca/New York, Offenburg/Germany, 27 October 2017)

Static Analysis: Interview with GrammaTech's vice president of engineering, Paul Anderson
(Ithaca/New York, Offenburg/Germany, 27 September 2017)
> Listen to the podcast here

VDC Research Highlights Cybersecurity Concerns in Industry 4.0
(Offenburg/Germany, Ithaca, New York/USA, 15 August 2017)
VDC recommends adopting a "secure by design" approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. > more information
Read the VDC Report here.

Domain Specific and Custom Error Checking in Advanced Static Analysis Tools
Advanced static analysis tools have the capability to create custom, domain specific, checkers via various means including programming to an exposed API.
This post provides a brief summary of how custom checkers work within the architecture of an advanced static analysis tool, how they are implemented and possible applications. More information here

VDC Report recommends adopting a security-first design approach
(Offenburg/Germany, Ithaca, New York/USA, 26 July 2017)
VDC recommends adopting a security-first design approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. For more information on how to help your team adopt a security-first approach:
- Read our blog series: A Four-Step Guide to Security Assurance for IoT Devices
- Learn more about analyzing third party binary code
- Watch a video about the benefits of integrating CodeSonar into development

GrammaTech video shows advantages of Advanced Static Code Analysis compared to "simple" analysis tools
(Ithaca/New York, Offenburg/Germany, 6 April 2017)

Verifysoft exhibited at Embedded World 2017: Watch our Video Now!
(Nuremberg/Germany, 16 March 2017)
Verifysoft's Software Testing Solutions meet the requirements of standards like DO-178C, EN 50128, IEC 61508, 62304 or ISO 26262 and are used in safety and security critical projects.
We provide testing tools for static analysis, dynamic analysis and code coverage.
Read more and watch our video now
GrammaTech announced CodeSonar 4.5 with Risk Dashboard
(Ithaca, New York/USA, Offenburg/Germany, 9 March 2017)
GrammaTech today announced the availability of the CodeSonar Risk Dashboard in CodeSonar 4.5. This new version of the leading static analysis tool will be released in the second calendar quarter of 2017.
The Risk Dashboard is a new capability which provides executives with an immediate read-out of the level of outstanding security risks in their projects. It provides the data needed to improve decision-making concerning security investments. The Risk Dashboard supports both source and binary analysis. It can be used to measure risks during the software development phase and in deployment environments.
GrammaTech Named to 50 Most Promising IoT Solution Providers
(Ithaca, New York/USA, Offenburg/Germany, 23 January 2017)
GrammaTech was named to CIO Review Magazine’s list of 50 Most Promising IoT Solution Providers of the year for 2016. The list of companies was selected by a panel of experts and members of CIO Review’s editorial board; GrammaTech’s IoT solutions were selected based on their ability to deliver exceptional value in today’s IoT-driven marketplace. Derived from deep innovation and intensive research in software analysis and software hardening, GrammaTech’s solutions are designed to address today’s most challenging software issues.
Today, more systems are controlled by software, more devices are connected, and more software is susceptible to attack. Developers need better tools to be able to deliver connected devices that are secure.
Unlike other traditional tools vendors, GrammaTech’s mission includes a research arm with over 20 PhDs focused on advancing the state-of-the-art in software analysis and protection. Through highly innovative research programs advancing techniques and technologies in software analysis, transformation, monitoring, and autonomic functions, GrammaTech’s software scientists are solving the software issues impacting the embedded, M2M, and IoT equipment markets.