VDC Research Report: Market for Automated Testing and Static Analysis Tools Growing

(Ithaca, New York/USA, Offenburg/Germany, 15 December 2017)

The VDC report entitled "The Global Market for Automated Software & Security Testing Tools" states that the market for testing tools is increasing and that software developers are accepting the fact that finding and fixing bugs and security vulnerabilities early has huge benefits in terms of cost, time and product quality and security.
According to the report, 82.3% of static analysis tools used in the enterprise and IT market, as well as 45.5% in embedded and IoT market, are focused on security.
Unfortunately, despite this growth, security risk mitigation is still not being addressed enough in embedded projects. Only 22.9% of embedded/IoT engineers is not taking any actions to address potential issues on current projects. It is important that embedded and IoT manufacturers take more action on securing their devices.
The VDC report has numerous findings about the automated testing market as a whole.
Some interesting points made in the report related to static analysis include the following:

A general recommendation to include static analysis as part of a automated testing portfolio
Static analysis tools are often easier to adopt than other automated testing tools making them a good entry point for adoption
The re-use/use of third party code in embedded projects continues to grow and the adoption of binary static analysis, although initially small, is growing rapidly.

More information: GrammaTech Blog

GrammaTech CodeSonar 4.5 with Focus on Cybersecurity Released

(Ithaca, New York/USA, Offenburg/Germany, 29 November 2017)

Version 4.5 of the Static Code Analysis Tool GrammaTech CodeSonar is now available. The new version comes with a rapid development environment, new secure coding checkers to thwart cybercrime, and an improved floating point support.

CodeSonar 4.5 brings a comprehensive set of enhancements and a host of new features to software teams seeking to improve their secure software development lifecycle (SDLC). C++ and Python APIs which have been introduced in the latest version help software teams to rapidly build domain specific checks to express their design invariants for CodeSonar to evaluate. An API is also available to quickly add support for new compilers.
Improved floating point support allows CodeSonar to find more defects in code paths that rely on decisions involving floating point computations. In order to help combat the rise of cybercrime within companies, new checkers detect malicious code that has purposely or inadvertently been added into code. 32% of attackers are insiders and 24% are “inadvertent actors” (e.g. people making mistakes that lead to a system breach or incorrect behavior) according to an IBM study. Suspicious code is highlighted by the new checkers before it can pose a problem in deployed systems. A 30-day free trial of CodeSonar 4.5 is available on demand.

Testwell CTC++ adapted for IAR Workbench 8.0

(Offenburg/Germany, 23 November 2017)

Verifysoft has released a new adaptation for Testwell CTC++ Test Coverage Analyser for IAR Embedded Workbench. Now also the latest version 8.0 of IAR Embedded Workbench is supported.
Testwell CTC++ can be used with all embedded targets and all compilers. The adaptation to new compilers is easy.

Dr. Sabine Poehler appointed Product Manager for Testwell Tools

(Offenburg, 21 November 2017)

As part of the expansion of the software development of the Code Coverage Analyzer Testwell CTC++ and the Complexity Measurement Tools Testwell CMT++ and Testwell CMTJava, Verifysoft appointed Dr Sabine Poehler as Product Manager "Testwell Tools".
Sabine Poehler studied mathematics and computer science at the University of Stuttgart with diploma and doctoral degrees. She was a research assistant at the University of Stuttgart and then held various tasks as a consultant and product manager. Before joining Verifysoft, she worked for many years as head of strategic software development for a medium-sized software manufacturer.
The product line "Testwell" has been developed since 1989, among others, by the company Testwell in Tampere (Finland) (> learn more here). Verifysoft is currently building another development department at the Offenburg site in Germany.

Verifysoft 2017 with new record sales: several vacancies available

(Offenburg/Germany, 16 November 2017)

In 2017, Verifysoft will again reach a new sales record compared to the record year 2016. For many years, the company has experienced average annual sales growth of more than 30%. In particular, our tools for measuring code coverage and static code analysis are in high demand. In addition to first-class test tools, our motivated team guarantees this positive development.
We want to continue our growth in 2018 and strengthen our team once again. Currently, there are available positions in development and support.

GrammaTech CodeSonar analyses Objctive-C Code

(Ithaca/New York, Offenburg/Germany, 27 Oktober 2017)

GrammaTech has released CodeSonar for Objective-C. Whith this release GrammaTech CodeSonar performs static analysis on the C part of Objective C. Objective-C is a very dynamic language that is based on message sending and these concepts are not validated by CodeSonar. However, if you have a buffer overflow, null pointer dereference or something like our normal C checks inside these functions, then CodeSonar will provide a warning. If you want to evaluate GrammaTech CodeSonar on your Objective-C code, please contact us.

Release of Elvior TestCast T3 version 6.12.1

(Tallinn/Estland, Offenburg/Germany, 10 October 2017)

Elvior has released a new version of the test execution tool TestCast with the following features:

ETSI ES 201 873-1 4.9.1 support (TTCN-3:2017)
File system monitoring
Asynchronous TLI

Visit our Presentations and Workshop about Code Coverage at Embedded Conference Scandinavia

(Offenburg/Germany, Stockholm/Sweden, 27 September 2017)

Verifysoft talks about Code Coverage for small safety-critical embedded systems at the Embedded Conference Scandinavia in Stockholm (Sweden) on 7th and 8th of November 2017, in addition in a second presentation about Code Coverage on CUDA. We also show how to measure Code Coverage on μ-Controller in a Workshop on the day before.
The Embedded Conference Scandinavia is a 2 days long conference and exhibition which covers all actual topics from the Embedded Sector. We are looking forward to meeting you at our booth no. 95 during the conference on either 7th or 8th November.

Static Analysis: Interview with GrammaTech's vice president of engineering, Paul Anderson

(Ithaca/New York, Offenburg/Germany, 27 September 2017)

After a brief introduction to static analysis, Paul discuss various topics related to static analysis. Topics include: use cases for static analysis, an introduction to binary code analysis and a discussion of the trade offs necessary between precision, recall and performance. Paul also provides some interesting examples of where static analysis has found some really hard-to-find bugs in software. Wrapping up the talk, Paul discusses GrammaTech's recent accomplishments at the Cyber Grand Challenge.
> Listen to the podcast here

Testwell tools at the Embedded Connectivity and Tech Conference in India

(Offenburg/Germany, Bangalore/India)

Lexington Soft Private Limited is representing Verifysoft in India. UBM India will be organising Embedded Connectivity and Tech Conference to be held on September 28-29, 2017 in Bangalore, India. Whether it's embedded hardware design or the Internet of Things (IoT), ECTC showcases emerging trends and innovations that will set the tone for the embedded systems industry in 2017 and beyond. With over 200 of attendees and numerous speakers set to meet face-to-face, ECTC is a must attend opportunity for embedded systems professionals to accelerate industry knowledge and network.

Shanghai 25th-26th October: Verifysoft presents Testwell CTC++ at Embedded ECU ISO26262 and Integration Testing Workshop

(Offenburg/Germany, Beijing/China)

Testwell CTC++ Code Coverage Analyser will be presented at Embedded ECU ISO26262 and Integration Testing Workshop on 25th-26th October 2017 in Shanghai.
The workshop is being organized by the partner of Verifysoft, Beijing Siener Electronics Tech. Development Ltd. and is dedicated to Software Testing for embedded safety-critical systems.
Verifysoft will present Code Coverage requirements for ISO 26262, the principles and key points in measuring code coverage with Testwell CTC++, the leading Code Coverage Analyzer in automotive industry.

Verifysoft: The customers’ satisfaction is more important than making a fast buck for our quarterly result

(Offenburg/Germany, 22 August 2017)

Klaus Lambertz, founder and CEO of Verifysoft Technology, talks about the contribution of Verifysoft to enhancing software safety and security, as well as the development and strategy of the company. Incorrect software can cost human lives and Verifysoft helps to save them. Bugs in software could affect reputation and competitiveness in the market and in extreme cases result in company insolvency. Actually Verifysoft has got an exponential growth, we anticipate at least 100 new customers in the next year. We have also got tested software on Mars, not only on earth! Watch the complete interview here.
Here the chapters of the interview:
(1) Who is Verifysoft and what is Verifysoft's offering? (04:15), (2) How important is the Quality of Software? (02:16), (3) Who needs Verifysoft's Testing Tools? (03:06), (4) Who are the Customers of Verifysoft? (02:34), (5) What is the Strategy of Verifysoft? (03:10), (6) How is the Evolution of Verifysoft's Business? (04:44), (7) What is the "Spirit of the Verifysoft Team? (03:02).

VDC research reports on Industry 4.0 security concerns

VDC Research Highlights Cybersecurity Concerns in Industry 4.0

(Offenburg/Germany, Ithaca, New York/USA, 15 August 2017)

As more companies have Industry 4.0 initiatives underway to refine and accelerate the realization of the smart factory vision, new data from VDC research indicates that these systems and software teams aren't taking enough precautions for security protection.
VDC recommends adopting a "secure by design" approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. > more information
Read the VDC Report here.

Domain Specific and Custom Error Checking in Advanced Static Analysis Tools

Static analysis tools ship with a default set of error checkers that cover the most common and important types of errors. However, projects often benefit from specific checks that apply to their domain such as very specific coding standards, correct usage of API functions, and security guidelines.
Advanced static analysis tools have the capability to create custom, domain specific, checkers via various means including programming to an exposed API.
This post provides a brief summary of how custom checkers work within the architecture of an advanced static analysis tool, how they are implemented and possible applications. More information here

VDC Report recommends adopting a security-first design approach

(Offenburg/Germany, Ithaca, New York/USA, 26 July 2017)

As IoT fuels faster software development, new data from VDC research indicates that software teams aren't taking enough precautions for security protection. VDC found that 24% of developers are not doing anything to respond to security requirements, and found another (thankfully smaller) segment that don't even know whether or not they are doing anything at all!
VDC recommends adopting a security-first design approach, which includes ensuring the quality and security of increasingly-used open-source, re-used, and third party code. An automated tool like CodeSonar, that can analyze both source and binary code to find defects and security vulnerabilities, is increasingly important as software development shifts to this new approach.
The report offers important recommendations to improve quality and security in this increasingly challenging era of device safety and security. For more information on how to help your team adopt a security-first approach:

Read our blog series: A Four-Step Guide to Security Assurance for IoT Devices
Learn more about analyzing third party binary code
Watch a video about the benefits of integrating CodeSonar into development

Read the VDC Report here.

Testwell CTC++ is now transparently integrateable into Cygwin Toolchains

(Offenburg/Germany, 7 July 2017)

Testwell CTC++ now includes a native support for Cygwin-Toolchains. This also means that Cygwin is now as easy to use with Testwell CTC++ as if one would work with native Windows- or MinGW-Toolchains.
Cygwin provides native integration of Windows-based applications, data, and other system resources with applications, software tools, and data of the Unix-like environment. Thus it is possible to launch Windows applications from the Cygwin environment, as well as to use Cygwin tools and applications within the Windows operating context.
Testwell CTC++ is a leading code coverage tool for safety and security critical embedded software development.

Verifysoft with 40% yearly growth: several vacant positions

(Offenburg, 19 June 2017)

The demand for Verifysoft software test tools continue growing both in Germany and worldwide.
Our turnover growth between 2014 and 2016 was average 40% per year. For the current year, we expect an even bigger increase in turnover.
In order to support our growth in the long term, we need further qualified employees, who will complete our motivated international team. In Offenburg we currently have vacancies for product managers, software developers, marketing and sales.
Verifysoft has been developing and distributing leading test tools since 2003 that are successfully used in safety-critical software development by hundreds of customers in more than 30 countries.

Verifysoft’s software test solutions at QA & Test in Bilbao (Spain)

QA & Test is an International Conference on Software QA and Testing on Embedded Systems which takes place in Bilbao (Spain) every year.
Verifysoft will be present with a booth during all three days of QA & Test (25th-27th October 2017) and the visitors can learn more about the solutions for code coverage on safety-critical embedded targets and source code analysis.
The attendees of the conference are welcome to join the product demonstration of Testwell CTC++ Code Coverage Analyzer, which will take place during the event.
Sebastian Goetzinger, IT Trainer at Verifysoft, will also give a workshop “Code Coverage on μ-Controller” where on the example of Code Coverage Analyzer Testwell CTC++, Arduino Uno and a common laptop will be shown, how to extract data in order to convert it to the corresponding reports. More information here

Verifysoft expands it's activities in South-Korea and assigns Realtimewave as further Distributor

(Offenburg/Germany, Seongnam/South-Korea, 19 June 2017)

Verifysoft has assigned Realtimewave as a second distributor for South-Korea. Realtimewave is based in the town of Seongnam, south-east of Seoul. The company is specialised in Aerospace and Defense markets.
> More information about our distributors

Testwell CTC++ Plugin integrates Code Coverage in Microchip’s MPLAB X

(Offenburg/Germany, 14 June 2017)

The new plugin CTC4MPlabX allows Testwell CTC++ to be used with MPLAB-X, and all of Microchip's latest compilers: xc8, xc16, and xc32.
In addition to that, and thanks to the plugin we developed for the IDE, code coverage can now be measured without complicated command line tricks: everything is done on a click of a button!
Thanks to Testwell CTC++ and its bitcov addon, code coverage can now be measured on all PICs in a split second, no matter if 8, 16, or 32 bits, and this with a very low memory footprint!

Testwell CTC++ 8.2 Available: Now also with JSON output Format

(Offenburg/Germany, Tampere/Finland, 16 May 2017)

Version 8.2 of Testwell CTC++ introduces JSON (JavaScript Object Notation) coverage reports. These coverage reports are similar to XML reports, but easier and faster to process in Javascripts.
There are also enhancements that are mainly focused on various advanced use cases as well as some corrections of bugs found since the previous version.
> more information

Release of Elvior TestCast T3 Version 6.11.2

(Tallinn/Estland, Offenburg/Deutschland, 27. April 2017)

Elvior has released a new version of the test execution tool TestCast with the following features:

ETSI ES 201 873-9 4.7.1 support (using XML schema with TTCN-3)
Support for external library modules (Math, String, DateTime)
Log synchronization - enables test session logs usage during runtime
Improved detection of uninitialized values in compile time
When a disallowed operation is detected during a blocking call in runtime, the name of the operation is printed in the exception message

Verifysoft presented Testing-Tools for DO-178C-Projects at Aviation Electronics Europe

(Munich/Germany, 26 April 2017)

Aviation Electronics Europe 2017 is a leading platform for the international aviation electronics industry.
Verifysoft Technology presented Testwell CTC++ and GrammaTech CodeSonar .
Both tools are compliant to DO-178C and are used with great success to enhance aviation software.
During the presentation "Advanced Static Analysis and Code Coverage for safety critical application" the advantages of Testwell CTC++ and GrammaTech CodeSonar has been shown to the audience.
Watch the presentation of Testwell CTC++ here

“Testwell CTC++ gives us what we need while keeping the process simple”: New Testwell CTC++ customer testimonial from medical industry (ISD, Sri Lanka)

(Offenburg/Germany, Colombo/Sri Lanka, 11 April 2017)

Testwell CTC++ gives us what we need while keeping the process simple” says Harin de Silva, Technical Manager at ISD, who has given us an insight into the software testing demands for medical solutions and explained why they are using Testwell CTC++ for measuring code coverage.
In the following Customer Testimonial Mr. Harin de Silva talks about advantages of Testwell CTC++: “We chose Testwell CTC++ in order to aid us in the unit tests and verification. (...) One of the biggest challenges that we had was the limited memory in our systems. Testwell CTC++ required a very small footprint for its instrumentation and the Host target add-on makes integrations to any system easy. The important point here is that we don’t have any restrictions with compilers, IDEs or debug tools. We are able to use Testwell CTC++ without changing our development process drastically…”
>Read full Customer Testimonial here

GrammaTech-Video shows advantages of Advanced Static Code Analysis compared to „simple“ analysis tools

(Ithaca/New York, Offenburg/Germany, 6 April 2017)

You are using „beginner-tools“ like PC-Lint or Cppcheck for the Static Code Analysis of your software? GrammaTech shows you in a 4:38-minutes video the advantages, which Advanced-Static-Code-Analysis with GrammaTech CodeSonar provides you, compared to a „simple“ analysis. > Watch the video here!

Verifysoft exhibited at Embedded World 2017: Watch our Video Now!

(Nuremberg/Germany, 16 March 2017)

More than 30,000 visitors from 73 countries came this year to the Embedded World Nuremberg in Germany. As every year since 2005, Verifysoft Technology presented best in class software testing tools.
Verifysoft's Software Testing Solutions meet the requirements of standards like DO-178C, EN 50128, IEC 61508, 62304 or ISO 26262 and are used in safety and security critical projects.
We provide testing tools for Static analysis, dynamic analysis and for code coverage.
Read more and watch our video now

GrammaTech announced CodeSonar 4.5 with Risk Dashboard

(Ithaca, New York/USA, Offenburg/Germany, 9 March 2017)

GrammaTech today announced the availability of the CodeSonar Risk Dashboard in CodeSonar 4.5. This new version of the leading static analysis tool will be released in the second calendar quarter of 2017.
The Risk Dashboard is a new capability which provides executives with an immediate read-out of the level of outstanding security risks in their projects. It provides the data needed to improve decision-making concerning security investments. The Risk Dashboard supports both source and binary analysis. It can be used to measure risks during the software development phase and in deployment environments.

Imagix 4D releases Imagix 4D version 9.0: Introduction of a review tool and checklist for Common Weakness Enumeration (CWE)

(San Luis Obispo/USA, Offenburg/Germany, 6 march 2017)

Imagix 4D Version 9.0 is now available. The new version introduces a review tool for guided checklist reviews and adds a checklist for Common Weakness Enumeration (CWE) testing. The performance of the flow check reports has been dramatically improved. The functionality of the calculation tree data flow visualizer has been expanded.

Testwell CMT++ Version 6.0.1 available

(Tampere/Finland, Offenburg/Germany, 6 March 2017)

The new version 6.0.1 Testwell CMT++ with smaller bug-fixes is now available for download. Further informations: Testwell CMT++ 6.0.1 Release-Notes

Release of Elvior TestCast T3 Version 6.11.1

(Tallinn/Estonia, Offenburg/Germany, 21 February 2017)

Elvior has released a new version of the test execution tool TestCast with the following features:

Function for TCI value conversion to XML.
Test case duration added to session reports.
Faster XML decoding.
Improved support for detection of unreferenced external module parameters etc.

GrammaTech Named to 50 Most Promising IoT Solution Providers

(Ithaca, New York/USA, Offenburg/Germany, 23 January 2017)

GrammaTech was named to CIO Review Magazine’s list of 50 Most Promising IoT Solution Providers of the year for 2016. The list of companies was selected by a panel of experts and members of CIO Review’s editorial board; GrammaTech’s IoT solutions were selected based on their ability to deliver exceptional value in today’s IoT-driven marketplace. Derived from deep innovation and intensive research in software analysis and software hardening, GrammaTech’s solutions are designed to address today’s most challenging software issues.
Today, more systems are controlled by software, more devices are connected, and more software is susceptible to attack. Developers need better tools to be able to deliver connected devices that are secure.
Unlike other traditional tools vendors, GrammaTech’s mission includes a research arm with over 20 PhDs focused on advancing the state-of-the-art in software analysis and protection. Through highly innovative research programs advancing techniques and technologies in software analysis, transformation, monitoring, and autonomic functions, GrammaTech’s software scientists are solving the software issues impacting the embedded, M2M, and IoT equipment markets.

Testwell CTC++ 8.1 Available

(Offenburg/Germany, Tampere/Finland, 13 January 2017)

Version 8.1 of Testwell CTC++ contains the following enhancements (partial list):

More robust behaviour, for avoiding certain problems, in a situation when two threads of an instrumented program trigger coverage data write-out at a same time.
The coverage report can now be restricted also by header files
For installation of the Visual Studio IDE Integration there is improved modify_msbuild_path.bat for better C# Framework64 support

> more information

Newsletter

Archives: