GrammaTech is proud to offer the most aggressive binary analysis technology available. Now you can find vulnerabilities in software even if you don't have access to the source code.
Because CodeSonar for Binaries does not rely on debug or symbol-table information, it is able to examine the stripped executables normally shipped by software vendors. The tool enables you to perform a security audit on software without any cooperation from the vendor.
Take Charge of Supply Chain Risk Management (SCRM)
Software users need to be able to trust the products they are using. Similarly, software producers that incorporate third-party components into their solutions need to be able to trust those components. However, achieving trust is difficult because nearly every organization relies heavily on software developed elsewhere. Supply Chain Risk Management (SCRM) is required to assess software and build trust. SCRM approaches include:
Example buffer overrun detected by CodeSonar's binary analysis.
1. Examining the origin of software and processes used to develop it.
2. Examining the software product directly.
GrammaTech focuses on the second approach. Our static analysis technology examines both source code and binaries for vulnerabilities. Binary analysis, in particular, is a highly effective weapon against threats. It sidesteps trusting the development tools and process. It is also effective against insider threat.
This analysis engine is the result of a 10-year collaboration between GrammaTech and the University of Wisconsin-Madison, involving 21 experts in program analysis and $15 million in research and development (R&D). The innovative technology has received prestigious awards at Computer Science conferences.
Sample CodeSonar Checks for Binary Code:
CodeSonar for Binaries is currently being used by early adopters at a number of organizations. If you are interested in the tool, please contact us for more information.