GrammaTech CodeSonar in the News
Further press articles:
Testwell CTC++ Testwell CMT++/CMTJava Imagix4D CodeSonar CodeSentry Codee Verifysoft/General All Press Articles
This are only some of all CodeSonar news in English language
More CodeSecure news are available in GermanHow a DevSecOps approach improved security in iris recognition systems
We chose CodeSonar from GrammaTech because it met the above criteria as we implemented a DevSecOps approach. CodeSonar could both identify code issues and also provide explanations to developers so they could fix problems. This enables our global development teams to not only avoid making mistakes, but learn from past errors so they don’t crop up again.
Read the entire article here.
Software quality demands both static code analysis and dynamic testing
Read the entire article here.
Top 5 'Need to Know' Coding Defects for DevSecOps
Read the entire article here.
Real World Benchmark for Static Code Analysis Tools
"There is an urgent need for benchmarks, such as those from GrammaTech, to allow software developers to evaluate static analysis tools in a comprehensive and real-world setting," says Barton Miller, Professor of Computer Sciences at the University of Wisconsin – Madison and Chief Scientist of SWAMP. "Also, developers of static analysis tools now have the ability to enhance their tools or benchmark new static analysis technologies with realistic test cases. Integrating these benchmarks into the SWAMP platform increases their effectiveness and availability."
Read the post here.
Detecting the Beep Vulnerability with CodeSonar
The error in beep.c was deteced with the static analysis tool GrammaTech CodeSonar.
Read the whole article here.
Integration Between GrammaTech CodeSonar and Wind River Workbench
With this integration, software developers can annotate and resolve the software vulnerabilities that CodeSonar highlights without leaving the Wind River Workbench development environment, thereby significantly boosting productivity. Supporting the native Wind River VxWorks® real-time operating system as well as the POSIX API, CodeSonar provides advanced, whole program static analysis of application software and device drivers running in either kernel or user mode. For developers of complex Internet of Things (IoT) devices, CodeSonar delivers a must-have capability as it finds security and quality problems as well as problems specific to multi-core development such as deadlocks, livelocks, resource starvation, and race conditions. CodeSonar identifies bugs that can result in system crashes, unexpected behavior, and security breaches, reducing the risk of shipping costly, brand-damaging defects. It finds these bugs during the development phase, before software is tested, thereby saving cost and time.Read full text here or watch the demo video.
Can software development be more secure with static analysis?
Perhaps the most relevant point is the role static analysis plays in a security-first software design, which is critical in today´s connected and complex operating environment..... Electronicsweekly.com, 05. April 2017
Addressing IoT impact on software engineering
Manufacturers need to carefully evaluate the cyber threats and the level of exposure of IoT devices. New levels of software integrity can only be achieved if teams can eliminate both accidental coding errors and intentional design-in vulnerabilities, through efficient analysis techniques suitable for the typical highly complex applications of today.
Powered by the forces of the cloud, connected endpoints, wireless technologies, and big data, the Internet of Things (IoT) evolution is forming a perfect storm for software engineering teams. This single, transformative force is bigger than anything in the history of tech industry, fueling an unparalleled consumer- oriented features race, expected to advance at an incredible rate over the next decade. ...
boards & solutions + ECE March 2017 (PDF)
Static code analysis tools gain ISO 26262, IEC 61508, EN 50128 certification
EE Times Europe, 4 July 2014
CodeSonar Achieves ISO 26262, IEC 61508, and EN 50128 Certification
Ithaca, NY — GrammaTech, Inc., a leading maker of tools that improve and accelerate software development, today announced that CodeSonar, the company's flagship static analysis product, has been certified by SGS TÜV Saar GmbH for use in the development of safety-critical software according to several international standards: ISO 26262, IEC 61508 and EN 50128. These three standards were designed to define the functional safety of electronics throughout their lifecycle within automotive systems, medical devices, and railway applications, respectively.
Professional Tester, 2 July 2014
GrammaTech Unveils Visual Security Analysis for Embedded Software
GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today introduced the industry´s first visual taint analysis technology. Available in CodeSonar, GrammaTech´s flagship static analysis product, this innovation combines advanced tainted dataflow analyses with GrammaTech´s proprietary visualization engine, to clearly display notoriously hard-to-find tainted data pathways in embedded systems. ... Professional Tester, 25 February 2014
Embedded software security analysis gets visual
EE Times Europe, 4 March 2014
Tools Ensure Reliability of Critical Software
After successfully adapting CodeSonar to check for the NASAderived rules, GrammaTech transitioned the changes into its commercial version of the product in 2008. ...
NASA Spinoff 2011
Detecting Bugs in Safety-Critical Code - Advanced Static Analysis
Dr. Dobb´s Journal March 2008
Static vs. Dynamic Detection of Bugs in Safety-Critical Code
Recently, a new breed of static analysis tools has emerged that can find flaws without writing any test cases. ...
Embedded Technology March 2008