David Melski’s article “Improving reliability and security by analyzing executables” was published today in Embedded Computing Design. An excerpt appears below, with a link to the full article.
Improving reliability and security by analyzing executables
By David Melski
[…]
For organizations developing security or high reliability applications, the inability to assess the quality of third-party components is a significant problem. It is not surprising that one of the earliest proponents of developing better technology for analyzing executables was the National Security Agency, which in 2004 publicly emphasized the importance of tools that analyze binaries[13]. Of particular concern is software used in the nation’s critical infrastructure, such as emergency preparedness communications and power plants.
Machine code analysis offers a way to assess third-party code, even when the source is unavailable. The ability to detect defects, vulnerabilities, and intentionally inserted malicious code allows users to regain some control in determining if a piece of software meets their acceptance criteria. Users need not blindly trust the software producer.
[…]
Click here to see the full article on the Embedded Computing Design website
About GrammaTech:
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.
