COTS Security
Secure Your Software Supply Chain.
Gain Visibility to Risk in Licensed Software
Commercial off-the-shelf (COTS) software applications are part of every organization. Vulnerabilities in that software are your organization's risk, not the vendor's, and that includes vulnerabilities in the open-source components your COTS providers build on.
A vendor-provided Software Bill of Materials (SBOM) would supply the information needed to evaluate the risk of deploying their software. Unfortunately, one is rarely available, because most vendors prefer to keep the components they use confidential.

Apply Binary Software Composition Analysis (SCA)
Inventory, Vulnerabilities, Weaknesses
There is a solution to this problem. CodeSentry is a binary SCA tool that quickly produces an SBOM without source code and without violating commercial software licenses. Rather than reverse engineering or decompiling the binary, CodeSentry identifies artifacts of open-source components that survive compilation (version and copyright strings, for example) and uses them to generate an SBOM and a list of known vulnerabilities in the detected components, including any indirect dependencies.
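To make the artifact-matching idea concrete, the following is an added toy illustration written for this page; it is not CodeSentry's engine, signatures or data. It treats a constructed byte blob as a stripped binary, extracts printable strings the way the Unix `strings` tool does, matches them against a few simplified signature patterns of the kind real libraries leave behind (zlib's `inflate_copyright[]` text, OpenSSL's version string, libcurl's user-agent prefix), emits a minimal CycloneDX-shaped SBOM, and checks the detected versions against a constructed excerpt of a vulnerability feed (the CVE identifiers are real, the table is illustrative and far from complete). Note that a statically linked transitive dependency, such as a zlib copy pulled in by another library, surfaces in exactly the same way, which is why indirect dependencies show up without any vendor cooperation.

```python
"""Toy binary SCA: recover an SBOM and known-vulnerability list from a
stripped binary by matching strings that survive compilation.
Added, constructed illustration; not CodeSentry's method or data."""
from __future__ import annotations

import re

# Constructed stand-in for a COTS binary: junk bytes plus the kind of
# copyright/version strings real libraries embed (zlib's inflate_copyright[],
# OpenSSL's version text, libcurl's user-agent). Not a real executable.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01" + bytes(range(0, 256, 3)) * 4
    + b"\x00 inflate 1.2.11 Copyright 1995-2017 Mark Adler \x00"
    + bytes([0x90, 0x41, 0x07, 0xC3, 0x00, 0xFF, 0x12]) * 10
    + b"\x00OpenSSL 1.0.1f 6 Jan 2014\x00"
    + b"\x00libcurl/7.79.1\x00"
)

# Simplified signature patterns (assumed for this example):
# component name -> regex whose first group captures the version.
SIGNATURES = {
    "zlib": re.compile(r"inflate (\d+\.\d+\.\d+) Copyright"),
    "openssl": re.compile(r"OpenSSL (\d+\.\d+\.\d+[a-z]?)\b"),
    "curl": re.compile(r"libcurl/(\d+\.\d+\.\d+)"),
}

# Constructed excerpt of a vulnerability feed:
# (component, first affected version, first fixed version, CVE id).
# Real CVE ids, but an illustrative table rather than a complete database.
KNOWN_VULNS = [
    ("zlib", "0.0.0", "1.2.12", "CVE-2018-25032"),    # deflate memory corruption
    ("openssl", "1.0.1", "1.0.1g", "CVE-2014-0160"),  # Heartbleed
]


def extract_strings(blob: bytes, min_len: int = 4) -> list[str]:
    """Runs of printable ASCII of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, blob)]


def version_key(v: str) -> tuple:
    """Sortable key for x.y.z versions with an optional OpenSSL-style
    letter suffix; the empty suffix sorts before 'a'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", v)
    if not m:
        raise ValueError(f"unrecognised version {v!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)


def detect_components(blob: bytes) -> dict[str, str]:
    """Map component name -> version for every signature that matches
    some extracted string (first hit per component wins)."""
    found: dict[str, str] = {}
    for s in extract_strings(blob):
        for name, rx in SIGNATURES.items():
            m = rx.search(s)
            if m and name not in found:
                found[name] = m.group(1)
    return found


def find_vulns(components: dict[str, str]) -> list[dict]:
    """Report each known CVE whose affected range contains the detected
    version: first_affected <= version < first_fixed."""
    findings = []
    for name, lo, hi, cve in KNOWN_VULNS:
        ver = components.get(name)
        if ver and version_key(lo) <= version_key(ver) < version_key(hi):
            findings.append({"component": name, "version": ver,
                             "cve": cve, "fixed_in": hi})
    return findings


def build_sbom(components: dict[str, str]) -> dict:
    """Minimal CycloneDX-shaped document with one entry per component."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "components": [
            {"type": "library", "name": n, "version": v,
             "purl": f"pkg:generic/{n}@{v}"}
            for n, v in sorted(components.items())
        ],
    }


def analyze(blob: bytes) -> dict:
    """Full pipeline: strings -> components -> SBOM + findings."""
    comps = detect_components(blob)
    return {"sbom": build_sbom(comps), "findings": find_vulns(comps)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_BINARY), indent=2))
```

String signatures are the weakest form of this technique and are shown here only because they are the easiest to follow: a vendor can strip or alter them, a vendored fork may report a version whose fixes were backported, and two components can share a version string. Production binary SCA tools layer more robust fingerprints (for example, function-level signatures) on top of this kind of matching, and treat a version-string hit as a lead to confirm rather than a verdict.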
Implement Trust, But Verify
Double-Check Your Vendors
Most COTS providers understand how much secure software matters to their customers and to their own reputation. CodeSentry lets organizations verify their vendors' security controls by producing an independent SBOM and list of vulnerable components. This "trust, but verify" approach opens a frank discussion of the risks of deploying a COTS product and of any compensating controls needed to mitigate them.


Put CodeSentry Into Practice
Production-Ready Binary SCA
A large multinational financial services company with more than 3,000 employees uses COTS applications to support business-critical functions as well as day-to-day productivity. To reduce its exposure, the company introduced binary SCA alongside its dedicated penetration testing, which had become a cost and scalability bottleneck. Its Software Application Authorization process, which validates and authorizes a new application before it goes into production, dropped from four months to a matter of weeks.
Our Customers
Case Studies
Learn how customers gain value using GrammaTech’s solutions via case studies in medical, aerospace, tech, and more.
Telit
GrammaTech Helps Telit Deliver Safety Faster. Telit is a global leader in cellular-based M2M and Internet of Things (IoT) solutions that have been connecting the world from the inside out for nearly 20 years.
Stoneridge
Transportation – GrammaTech Improves Product Quality and Delivers Safety Faster.
Piper
Transportation – GrammaTech Helps Optimize Smart Sensors and Technologies to Increase Transportation Throughput.
Petroleum Experts
Industrial – GrammaTech Helps Deliver High Quality, Safe, Secure Software and Ensure Customer Satisfaction.
NASA-White Sands: The Benefit of Static Analysis
Aerospace – GrammaTech Contributes to NASA Study Exploring the Benefits of Static Analysis.
NASA: Mars Curiosity Rover
Government – GrammaTech Helps Mars Curiosity Rover Search for Signs of Life.
Multinational Financial Services Company
Financial Services – GrammaTech Reduces Application Authorization Time from Months to Weeks.
Micrel Medical Devices
Medical Device – GrammaTech Provides Superior Standards Support to Meet Coding Compliance Needs.
Merit Automotive
Automotive – GrammaTech Supports Delivery of Quality Products to Meet Safety and Security Requirements.
Book a Demo
We're ready to help you integrate SAST and SCA into your DevSecOps flow. Get a personally guided tour of our solution offerings to make sure you are getting the right solution for your development team.