Tool specific news: Company Testwell CMT++/CMTJava Testwell CTC++ Elvior TestCast GrammaTech CodeSonar Imagix Julia Static Analysis Events/Seminars ALL NEWS
Newsletter
VDC Research Report: Market for Automated Testing and Static Analysis Tools Growing
(Ithaca, New York/USA, Offenburg/Germany, 15 December 2017)
The VDC report entitled "The Global Market for Automated Software & Security Testing Tools" states that the market for testing tools is increasing and that software developers are accepting the fact that finding and fixing bugs and security vulnerabilities early has huge benefits in terms of cost, time and product quality and security.
According to the report, 82.3% of static analysis tools used in the enterprise and IT market, as well as 45.5% in embedded and IoT market, are focused on security.
Unfortunately, despite this growth, security risk mitigation is still not being addressed enough in embedded projects. Only 22.9% of embedded/IoT engineers is not taking any actions to address potential issues on current projects. It is important that embedded and IoT manufacturers take more action on securing their devices.
The VDC report has numerous findings about the automated testing market as a whole.
Some interesting points made in the report related to static analysis include the following:
According to the report, 82.3% of static analysis tools used in the enterprise and IT market, as well as 45.5% in embedded and IoT market, are focused on security.
Unfortunately, despite this growth, security risk mitigation is still not being addressed enough in embedded projects. Only 22.9% of embedded/IoT engineers is not taking any actions to address potential issues on current projects. It is important that embedded and IoT manufacturers take more action on securing their devices.
The VDC report has numerous findings about the automated testing market as a whole.
Some interesting points made in the report related to static analysis include the following:
- A general recommendation to include static analysis as part of a automated testing portfolio
- Static analysis tools are often easier to adopt than other automated testing tools making them a good entry point for adoption
- The re-use/use of third party code in embedded projects continues to grow and the adoption of binary static analysis, although initially small, is growing rapidly.
GrammaTech CodeSonar 4.5 with Focus on Cybersecurity Released
(Ithaca, New York/USA, Offenburg/Germany, 29 November 2017)
Version 4.5 of the Static Code Analysis Tool GrammaTech CodeSonar is now available. The new version comes with a rapid development environment, new secure coding checkers to thwart cybercrime, and an improved floating point support.
CodeSonar 4.5 brings a comprehensive set of enhancements and a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs which have been introduced in the latest version help software teams to rapidly build domain specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers.
Improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations. In order to help combat the rise of cybercrime within companies, new checkers detect malicious code that has purposely or inadvertently been added into code. 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior) according to an IBM study. Suspicious code is highlighted by the new checkers before it can pose a problem in deployed systems. A 30-day free trial of CodeSonar 4.5 is available on demand.
CodeSonar 4.5 brings a comprehensive set of enhancements and a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs which have been introduced in the latest version help software teams to rapidly build domain specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers.
Improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations. In order to help combat the rise of cybercrime within companies, new checkers detect malicious code that has purposely or inadvertently been added into code. 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior) according to an IBM study. Suspicious code is highlighted by the new checkers before it can pose a problem in deployed systems. A 30-day free trial of CodeSonar 4.5 is available on demand.
Testwell CTC++ adapted for IAR Workbench 8.0
(Offenburg/Germany, 23 November 2017)
Verifysoft has released a new adaptation for Testwell CTC++ Test Coverage Analyser for IAR Embedded Workbench. Now also the latest version 8.0 of IAR Embedded Workbench is supported.
Testwell CTC++ can be used with all embedded targets and all compilers. The adaptation to new compilers is easy.
Testwell CTC++ can be used with all embedded targets and all compilers. The adaptation to new compilers is easy.

Dr. Sabine Poehler appointed Product Manager for Testwell Tools
(Offenburg, 21 November 2017)
Sabine Poehler studied mathematics and computer science at the University of Stuttgart with diploma and doctoral degrees. She was a research assistant at the University of Stuttgart and then held various tasks as a consultant and product manager. Before joining Verifysoft, she worked for many years as head of strategic software development for a medium-sized software manufacturer.
The product line "Testwell" has been developed since 1989, among others, by the company Testwell in Tampere (Finland) (> learn more here). Verifysoft is currently building another development department at the Offenburg site in Germany.

Verifysoft 2017 with new record sales: several vacancies available
(Offenburg/Germany, 16 November 2017)
We want to continue our growth in 2018 and strengthen our team once again. Currently, there are available positions in development and support.

GrammaTech CodeSonar analyses Objctive-C Code
(Ithaca/New York, Offenburg/Germany, 27 Oktober 2017)
Release of Elvior TestCast T3 version 6.12.1
(Tallinn/Estland, Offenburg/Germany, 10 October 2017)
Elvior has released a new version of the test execution tool TestCast with the following features:
- ETSI ES 201 873-1 4.9.1 support (TTCN-3:2017)
- File system monitoring
- Asynchronous TLI

Visit our Presentations and Workshop about Code Coverage at Embedded Conference Scandinavia
(Offenburg/Germany, Stockholm/Sweden, 27 September 2017)
The Embedded Conference Scandinavia is a 2 days long conference and exhibition which covers all actual topics from the Embedded Sector. We are looking forward to meeting you at our booth no. 95 during the conference on either 7th or 8th November.

Static Analysis: Interview with GrammaTech's vice president of engineering, Paul Anderson
(Ithaca/New York, Offenburg/Germany, 27 September 2017)
> Listen to the podcast here

Testwell tools at the Embedded Connectivity and Tech Conference in India
(Offenburg/Germany, Bangalore/India)

Shanghai 25th-26th October: Verifysoft presents Testwell CTC++ at Embedded ECU ISO26262 and Integration Testing Workshop
(Offenburg/Germany, Beijing/China)
The workshop is being organized by the partner of Verifysoft, Beijing Siener Electronics Tech. Development Ltd. and is dedicated to Software Testing for embedded safety-critical systems.
Verifysoft will present Code Coverage requirements for ISO 26262, the principles and key points in measuring code coverage with Testwell CTC++, the leading Code Coverage Analyzer in automotive industry.

Verifysoft: The customers’ satisfaction is more important than making a fast buck for our quarterly result
(Offenburg/Germany, 22 August 2017)
Here the chapters of the interview:
(1) Who is Verifysoft and what is Verifysoft's offering? (04:15), (2) How important is the Quality of Software? (02:16), (3) Who needs Verifysoft's Testing Tools? (03:06), (4) Who are the Customers of Verifysoft? (02:34), (5) What is the Strategy of Verifysoft? (03:10), (6) How is the Evolution of Verifysoft's Business? (04:44), (7) What is the "Spirit of the Verifysoft Team? (03:02).

VDC Research Highlights Cybersecurity Concerns in Industry 4.0
(Offenburg/Germany, Ithaca, New York/USA, 15 August 2017)
VDC recommends adopting a "secure by design" approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. > more information
Read the VDC Report here.

Domain Specific and Custom Error Checking in Advanced Static Analysis Tools
Advanced static analysis tools have the capability to create custom, domain specific, checkers via various means including programming to an exposed API.
This post provides a brief summary of how custom checkers work within the architecture of an advanced static analysis tool, how they are implemented and possible applications. More information here

VDC Report recommends adopting a security-first design approach
(Offenburg/Germany, Ithaca, New York/USA, 26 July 2017)
VDC recommends adopting a security-first design approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. For more information on how to help your team adopt a security-first approach:
- Read our blog series: A Four-Step Guide to Security Assurance for IoT Devices
- Learn more about analyzing third party binary code
- Watch a video about the benefits of integrating CodeSonar into development
Testwell CTC++ is now transparently integrateable into Cygwin Toolchains
(Offenburg/Germany, 7 July 2017)
Testwell CTC++ now includes a native support for Cygwin-Toolchains. This also means that Cygwin is now as easy to use with Testwell CTC++ as if one would work with native Windows- or MinGW-Toolchains.
Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment. Thus it is possible to launch Windows applications from the Cygwin environment, as well as to use Cygwin tools and applications within the Windows operating context.
Testwell CTC++ is a leading code coverage tool for safety and security critical embedded software development.
Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment. Thus it is possible to launch Windows applications from the Cygwin environment, as well as to use Cygwin tools and applications within the Windows operating context.
Testwell CTC++ is a leading code coverage tool for safety and security critical embedded software development.

Verifysoft with 40% yearly growth: several vacant positions
(Offenburg, 19 June 2017)
Our turnover growth between 2014 and 2016 was average 40% per year. For the current year, we expect an even bigger increase in turnover.
In order to support our growth in the long term, we need further qualified employees, who will complete our motivated international team. In Offenburg we currently have vacancies for product managers, software developers, marketing and sales.
Verifysoft has been developing and distributing leading test tools since 2003 that are successfully used in safety-critical software development by hundreds of customers in more than 30 countries.

Verifysoft’s software test solutions at QA & Test in Bilbao (Spain)
Verifysoft will be present with a booth during all three days of QA & Test (25th-27th October 2017) and the visitors can learn more about the solutions for code coverage on safety-critical embedded targets and source code analysis.
The attendees of the conference are welcome to join the product demonstration of Testwell CTC++ Code Coverage Analyzer, which will take place during the event.
Sebastian Goetzinger, IT Trainer at Verifysoft, will also give a workshop “Code Coverage on μ-Controller” where on the example of Code Coverage Analyzer Testwell CTC++, Arduino Uno and a common laptop will be shown, how to extract data in order to convert it to the corresponding reports. More information here

Verifysoft expands it's activities in South-Korea and assigns Realtimewave as further Distributor
(Offenburg/Germany, Seongnam/South-Korea, 19 June 2017)
> More information about our distributors
Testwell CTC++ Plugin integrates Code Coverage in Microchip’s MPLAB X
(Offenburg/Germany, 14 June 2017)
The new plugin CTC4MPlabX allows Testwell CTC++ to be used with MPLAB-X, and all of Microchip's latest compilers: xc8, xc16, and xc32.
In addition to that, and thanks to the plugin we developed for the IDE, code coverage can now be measured without complicated command line tricks: everything is done on a click of a button!
Thanks to Testwell CTC++ and its bitcov addon, code coverage can now be measured on all PICs in a split second, no matter if 8, 16, or 32 bits, and this with a very low memory footprint!
In addition to that, and thanks to the plugin we developed for the IDE, code coverage can now be measured without complicated command line tricks: everything is done on a click of a button!
Thanks to Testwell CTC++ and its bitcov addon, code coverage can now be measured on all PICs in a split second, no matter if 8, 16, or 32 bits, and this with a very low memory footprint!
Testwell CTC++ 8.2 Available: Now also with JSON output Format
(Offenburg/Germany, Tampere/Finland, 16 May 2017)
Version 8.2 of Testwell CTC++ introduces JSON (JavaScript Object Notation) coverage reports. These coverage reports are similar to XML reports, but easier and faster to process in Javascripts.
There are also enhancements that are mainly focused on various advanced use cases as well as some corrections of bugs found since the previous version.
> more information
There are also enhancements that are mainly focused on various advanced use cases as well as some corrections of bugs found since the previous version.
> more information
Release of Elvior TestCast T3 Version 6.11.2
(Tallinn/Estland, Offenburg/Deutschland, 27. April 2017)
Elvior has released a new version of the test execution tool TestCast with the following features:
- ETSI ES 201 873-9 4.7.1 support (using XML schema with TTCN-3)
- Support for external library modules (Math, String, DateTime)
- Log synchronization - enables test session logs usage during runtime
- Improved detection of uninitialized values in compile time
- When a disallowed operation is detected during a blocking call in runtime, the name of the operation is printed in the exception message

Verifysoft presented Testing-Tools for DO-178C-Projects at Aviation Electronics Europe
(Munich/Germany, 26 April 2017)
Verifysoft Technology presented Testwell CTC++ and GrammaTech CodeSonar .
Both tools are compliant to DO-178C and are used with great success to enhance aviation software.
During the presentation "Advanced Static Analysis and Code Coverage for safety critical application" the advantages of Testwell CTC++ and GrammaTech CodeSonar has been shown to the audience.
Watch the presentation of Testwell CTC++ here

“Testwell CTC++ gives us what we need while keeping the process simple”: New Testwell CTC++ customer testimonial from medical industry (ISD, Sri Lanka)
(Offenburg/Germany, Colombo/Sri Lanka, 11 April 2017)
In the following Customer Testimonial Mr. Harin de Silva talks about advantages of Testwell CTC++: “We chose Testwell CTC++ in order to aid us in the unit tests and verification. (...) One of the biggest challenges that we had was the limited memory in our systems. Testwell CTC++ required a very small footprint for its instrumentation and the Host target add-on makes integrations to any system easy. The important point here is that we don’t have any restrictions with compilers, IDEs or debug tools. We are able to use Testwell CTC++ without changing our development process drastically…”
>Read full Customer Testimonial here

GrammaTech-Video shows advantages of Advanced Static Code Analysis compared to „simple“ analysis tools
(Ithaca/New York, Offenburg/Germany, 6 April 2017)

Verifysoft exhibited at Embedded World 2017: Watch our Video Now!
(Nuremberg/Germany, 16 March 2017)
Verifysoft's Software Testing Solutions meet the requirements of standards like DO-178C, EN 50128, IEC 61508, 62304 or ISO 26262 and are used in safety and security critical projects.
We provide testing tools for Static analysis, dynamic analysis and for code coverage.
Read more and watch our video now
GrammaTech announced CodeSonar 4.5 with Risk Dashboard
(Ithaca, New York/USA, Offenburg/Germany, 9 March 2017)
GrammaTech today announced the availability of the CodeSonar Risk Dashboard in CodeSonar 4.5. This new version of the leading static analysis tool will be released in the second calendar quarter of 2017.
The Risk Dashboard is a new capability which provides executives with an immediate read-out of the level of outstanding security risks in their projects. It provides the data needed to improve decision-making concerning security investments. The Risk Dashboard supports both source and binary analysis. It can be used to measure risks during the software development phase and in deployment environments.
The Risk Dashboard is a new capability which provides executives with an immediate read-out of the level of outstanding security risks in their projects. It provides the data needed to improve decision-making concerning security investments. The Risk Dashboard supports both source and binary analysis. It can be used to measure risks during the software development phase and in deployment environments.
Imagix 4D releases Imagix 4D version 9.0: Introduction of a review tool and checklist for Common Weakness Enumeration (CWE)
(San Luis Obispo/USA, Offenburg/Germany, 6 march 2017)
Imagix 4D Version 9.0 is now available. The new version introduces a review tool for guided checklist reviews and adds a checklist for Common Weakness Enumeration (CWE) testing. The performance of the flow check reports has been dramatically improved. The functionality of the calculation tree data flow visualizer has been expanded.
Testwell CMT++ Version 6.0.1 available
(Tampere/Finland, Offenburg/Germany, 6 March 2017)
The new version 6.0.1 Testwell CMT++ with smaller bug-fixes is now available for download. Further informations: Testwell CMT++ 6.0.1 Release-Notes
Release of Elvior TestCast T3 Version 6.11.1
(Tallinn/Estonia, Offenburg/Germany, 21 February 2017)
Elvior has released a new version of the test execution tool TestCast with the following features:
- Function for TCI value conversion to XML.
- Test case duration added to session reports.
- Faster XML decoding.
- Improved support for detection of unreferenced external module parameters etc.
GrammaTech Named to 50 Most Promising IoT Solution Providers
(Ithaca, New York/USA, Offenburg/Germany, 23 January 2017)
GrammaTech was named to CIO Review Magazine’s list of 50 Most Promising IoT Solution Providers of the year for 2016. The list of companies was selected by a panel of experts and members of CIO Review’s editorial board; GrammaTech’s IoT solutions were selected based on their ability to deliver exceptional value in today’s IoT-driven marketplace. Derived from deep innovation and intensive research in software analysis and software hardening, GrammaTech’s solutions are designed to address today’s most challenging software issues.
Today, more systems are controlled by software, more devices are connected, and more software is susceptible to attack. Developers need better tools to be able to deliver connected devices that are secure.
Unlike other traditional tools vendors, GrammaTech’s mission includes a research arm with over 20 PhDs focused on advancing the state-of-the-art in software analysis and protection. Through highly innovative research programs advancing techniques and technologies in software analysis, transformation, monitoring, and autonomic functions, GrammaTech’s software scientists are solving the software issues impacting the embedded, M2M, and IoT equipment markets.
Today, more systems are controlled by software, more devices are connected, and more software is susceptible to attack. Developers need better tools to be able to deliver connected devices that are secure.
Unlike other traditional tools vendors, GrammaTech’s mission includes a research arm with over 20 PhDs focused on advancing the state-of-the-art in software analysis and protection. Through highly innovative research programs advancing techniques and technologies in software analysis, transformation, monitoring, and autonomic functions, GrammaTech’s software scientists are solving the software issues impacting the embedded, M2M, and IoT equipment markets.
Testwell CTC++ 8.1 Available
(Offenburg/Germany, Tampere/Finland, 13 January 2017)
Version 8.1 of Testwell CTC++ contains the following enhancements (partial list):
- More robust behaviour, for avoiding certain problems, in a situation when two threads of an instrumented program trigger coverage data write-out at a same time.
- The coverage report can now be restricted also by header files
- For installation of the Visual Studio IDE Integration there is improved modify_msbuild_path.bat for better C# Framework64 support