Welcome to GrammaTech's resource library. Here you will find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber attacks.
When it came time to choose a static analysis tool, Micrel chose CodeSonar, impressed by CodeSonar's accuracy and quality of defect identification compared to the competition.
To enhance quality and security, Crank's teams are now using CodeSonar to more efficiently find and fix quality and security issues within their code.
To boost the reliability of the Curiosity Mars rover, NASA used advanced static analysis from GrammaTech.
The FDA recommends the use of static analysis tools to help manufacturers eliminate software defects during development. The FDA itself also uses CodeSonar to test medical devices.
One of the world's largest medical device companies, Boston Scientific thought no automated tool provided the checks they needed until they started working with CodeSonar.
Bay Computer Associates
Bay Computer adopted CodeSonar because it could be configured easily to fit the company's workflow and had a strong reputation in the medical device industry.
Vivante's integration of CodeSonar into their test and QA process helps them maintain the highest standard of quality while maximizing developer efficiency to solve code problems.
Harvard adopted CodeSonar after finding that it found more real issues than other automated tools and returned information in a way that made it easy to locate and fix problems.
CodeSonar is used to improve software quality for human spaceflight, space science, and earth science missions that depend on NASA's satellite telecommunications network.
The Role of Static Analysis in Management of Cybersecurity in Medical Devices
This paper describes how static analysis plays a key role in risk management of medical device software development.
Making Safety-Critical Software Development Affordable with Static Analysis
With the growing reliance on software, the code size for safety-critical software has skyrocketed. This paper describes how to use static analysis tools to tackle the growing software affordability concern.
Addressing IoT's Impact on Software Engineering
This paper discusses IoT development best practices and will help you understand how CodeSonar can help protect your company from IoT security risks.
Measuring the Value of Static Analysis Tool Deployments
This paper presents a model for computing the value of using a static analysis tool. Using inputs such as engineering effort, the cost of an exploited security vulnerability, and some easily-measured tool properties, the model allows users to make rational decisions about how best to deploy static analysis.
Reduce Automotive Software Failures with Static Analysis
This paper describes how to produce reliable safety-critical automotive software, using static analysis to find important defects that are missed during other V&V activities.
A Four-Step Guide to Security Assurance for IoT Devices
How do device software processes evolve to better protect our next-generation IoT devices? This paper describes a four-step plan that includes next-generation software assurance and a "security-first" methodology.
Protecting Against Tainted Data in Embedded Applications with Static Analysis
This paper describes how a static analysis technique called taint analysis can be used to find how potentially hazardous inputs can flow through a program to reach sensitive parts of code, empowering developers to identify and eliminate these dangerous vulnerabilities effectively.
Eliminating Vulnerabilities in Third-Party Code with Binary Analysis
This paper describes how to use binary analysis to inspect your third-party code for security vulnerabilities and other errors.
How Static Analysis Protects Critical Infrastructure from Cyber Threats
This paper will help developers of embedded and IoT systems learn how to build in security and safeguards that are resistant to human error, natural disaster, and cyber attacks.
Finding Concurrency Errors with GrammaTech Static Analysis
This paper describes some common concurrency pitfalls and explains how static analysis with CodeSonar can help find such defects without executing the program.
How to Avoid Common Pitfalls in MISRA Compliance
This whitepaper describes how to use the MISRA C:2012 standard to reduce the risks of the C programming language by prohibiting the more unsafe practices used in programming with it.
Software Quality and Security Challenges Growing from Rapid Rise of Third-Party Code
In this whitepaper, VDC Research reports on how accelerating the pace of development requires greater use of outside code resources, such as third-party code, which show promise but can inject additional risk of quality and security issues.
Embedded Software Design: Best Practices for Static Analysis Tools
This paper reviews a number of growing complexities that embedded software development teams are facing, including the proliferation of third-party code, increased pressures to develop secure code, and the challenges of multi-threaded applications.
Conquering Complex Java Concurrency Bugs with CodeSonar
This whitepaper describes the most detrimental concurrency bugs in Java, and addresses how to identify and eliminate these bugs using CodeSonar.
How CodeSonar Compares to PC-Lint (and similar tools)
Early generation static analysis tools like PC-lint are now primitive, as advanced tools like CodeSonar vastly outperform them. This paper describes the key differences.
Advanced Driver Assistance Systems (ADAS), Safety, and Static Analysis
This paper discusses the role of static analysis tools within the development of an ADAS system, including the return on investment (ROI) for adopting them.
New Approaches Needed for Medical Device Software Development
This paper discusses how to manage the evolving software supply chain risks in patient-critical systems, an increasingly critical part of medical device software development.
Narrow-Solution Static Analysis Tools vs. CodeSonar
Static analysis tools range widely in scope.
Software Assurance and Software Hardening
Source code analysis, binary code analysis, tainted data analysis, sophisticated multicore analyses, and more.
Five Minutes with GrammaTech CEO, Tim Teitelbaum
Embedded Computing Design interviews Teitelbaum about participation in DARPA's Cyber Grand Challenge.
How Does CodeSonar Find More Real Bugs?
GrammaTech VP of Engineering Paul Anderson discusses CodeSonar's advanced static analysis engine.