Customer security advisory on Log4J2 vulnerability: visit oursupport article now.
Resources
Welcome to GrammaTech's resource library. Here you will find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber attacks.
CodeSentry Datasheet
CodeSentry Binary Software Composition Analysis
Case Studies
Iris ID
Iris ID takes security seriously. The IrisAccess platform is a combination of hardware and embedded software. It works by taking a picture of a person’s iris to uniquely match it to a database to identify the person and provide secure access.
Crank Software
To enhance quality and security, Crank's teams are now using CodeSonar to more efficiently find and fix quality and security issues within their code.
Sypris Electronics
Extensibility was a key reason Sypris adopted CodeSonar – it can easily be configured or customized to enforce specific or unusual coding policies required.
NASA
To boost the reliability of the Curiosity Mars rover, NASA used advanced static analysis from GrammaTech.
FDA
The FDA recommends the use of static analysis tools to help manufacturers eliminate software defects during development. The FDA itself also uses CodeSonar to test medical devices.
Boston Scientific
One of the world's largest medical device companies, Boston Scientific thought no automated tool provided the checks they needed until they started working with CodeSonar.
Bay Computer Associates
Bay Computer adopted CodeSonar because it could be configured easily to fit the company's workflow and had a strong reputation in the medical device industry.
Vivante
Vivante's integration of CodeSonar into their test and QA process help them maintain the highest standard of quality while maximizing developer efficiency to solve code problems.
Critical Link
Critical Link uses CodeSonar for the automated static analysis component of their company-wide quality control processes.
Harvard Apparatus
Harvard adopted CodeSonar after finding that it found more real issues than other automated tools and returned information in a way that made it easy to locate and fix problems.
NASA
CodeSonar is used to improve software quality for human spaceflight, space science, and earth science missions that depend on NASA's satellite telecommunications network.
Allworx
Allworx uses CodeSonar to improve system reliability and stability in VoIP phone systems.
Viveris
Viveris uses GrammaTech CodeSonar to dramatically improve the ef ciency of software developers working on customers projects, while delivering higher security from the early start of the Software Development Lifecycle.
LACROIX Sofrel
LACROIX SOFREL specializes in the design and construction of telemetry and SCADA (supervisory control and data acquisition) products for district metering and leak detection on water supply networks.
Telit
Telit has integrated CodeSonar into their software development processes, which include build and integration work ows using Gerrit, Jenkins and Git.
Stoneridge
Stoneridge has integrated CodeSonar® into two core software development areas – MirrorEye® and instrument clusters.
Piper Networks
In looking for a SAST vendor, Piper needed a tool that could keep their codebase clean and manage the latest developments in safety.
Financial Services
Large financial services company with over 3,000 offices worldwide in over 60 countries with more than $1 trillion in assets.
Iron Bank
The addition of GrammaTech’s CodeSonar SAST solution to Platform One and Iron Bank provides DoD developers with a certified, powerful and automated solution that integrates seamlessly with their workflows to quickly find and remediate defects and vulnerabilities in code before software is released.
Micrel Medical
When it came time to choose a static analysis tool, Micrel chose CodeSonar, impressed by CodeSonar's accuracy and quality of defect identification compared to the competition.
Whitepapers
The Role of Static Analysis in Management of Cybersecurity in Medical Devices
This paper describes how static analysis plays a key role in risk management of medical device software development.
Making Safety-Critical Software Development Affordable with Static Analysis
With the growing reliance on software, the code size for safety-critical software has skyrocketed. This paper describes how to use static analysis tools to tackle the growing software affordability concern.
Addressing IoT's Impact on Software Engineering
This paper discusses IoT development best practices and will help you understand how CodeSonar can help protect your company from IoT security risks.
Measuring the Value of Static Analysis Tool Deployments
This paper presents a model for computing the value of using a static analysis tool. Using inputs such as engineering effort, the cost of an exploited security vulnerability, and some easily-measured tool properties, the model allows users to make rational decisions about how best to deploy static analysis.
Reduce Automotive Software Failures with Static Analysis
This paper describes how to produce reliable safety-critical automotive software, using static analysis to find important defects that are missed during other V&V activities.
A Four-Step Guide to Security Assurance for IoT Devices
How do device software processes evolve to better protect our next-generation IoT devices? This paper describes a four-step plan that includes next-generation software assurance and a "security-first" methodology.
Protecting Against Tainted Data in Embedded Applications with Static Analysis
This paper describes how a static analysis technique called taint analysis can be used to find how potentially hazardous inputs can flow through a program to reach sensitive parts of code, empowering developers to identify and eliminate these dangerous vulnerabilities effectively.
Eliminating Vulnerabilities in Third-Party Code with Binary Analysis
This paper describes how to use binary analysis to inspect your third-party code for security vulnerabilities and other errors.
How Static Analysis Protects Critical Infrastructure from Cyber Threats
This paper will help developers of embedded and IoT systems learn how to build-in security and safeguards that are resistant to human error, natural disaster, and cyber attacks.
Finding Concurrency Errors with GrammaTech Static Analysis
This paper describes some common concurrency pitfalls and explains how static analysis with CodeSonar can help find such defects without executing the program.
Machine Learning for Finding Programming Defects and Anomalies
This paper describes how the machine learning technique works and shows how it was able to find several previously unknown bugs in high-profile software systems with high precision (i.e., few false positives).
How to Avoid Common Pitfalls in MISRA Compliance
This whitepaper describes how to use the MISRA C:2012 standard to reduce the risks of the C programming language by prohibiting the more unsafe practices used in programming with it.
Embedded Software Design: Best Practices for Static Analysis Tools
This paper reviews a number of growing complexities that embedded software development teams are facing, including the proliferation of third-party code, increased pressures to develop secure code, and the challenges of multi-threaded applications.
Prevent Cybercrime and Insider Attacks in Your Company with Static Analysis
In this report, GrammaTech explains how cybercrime inside a company works and shares examples of potential backdoors.
Detecting Domain-Specific Coding Errors with Static Analysis
This paper describes how custom domain-specific checkers can be used to improve software quality in complex embedded systems.
Advanced Static Analysis for C++
Early generation and free static analysis tools are now primitive, as advanced tools like CodeSonar vastly outperform them. This paper describes the key differences.
Advanced Driver Assistance Systems (ADAS), Safety, and Static Analysis
This paper discusses the role of static analysis tools within the development of an ADAS system, including the return on investment (ROI) for adopting them.
New Approaches Needed for Medical Device Software Development
This paper discusses how to manage the evolving software supply chain risks in patient-critical systems, an increasingly critical part of medical device software development.
Software Forensics
This paper discusses how static analysis is an important tool in software forensics, and how hybrid source and binary code analysis can be applied and the advantages to investigation efficiency.
Accelerating Software Safety with MISRA and Static Analysis
This paper discusses how advanced static analysis tools are desirable in the complex software development process in order to reduce risk, costs, and time to market.
Simplifying DO-178B/C Certification with GrammaTech's CodeSonar
This paper describes how GrammaTech’s CodeSonar® can be used to support an organization’s DO-178B activities.
Bug Injector: Generation of Cyber-Defense Evaluation Benchmarks
Computational systems are increasingly ubiquitous, networked, and subject to attack. The rise of cyber-attacks has spurred research and development of cyber- defensive tools. This report details Bug Injector, which automates benchmark construction, and will permit more thorough and customized evaluation of commercial products and research results at a lower cost.
Enhancing Code Reviews with Static Analysis
This paper discusses how static analysis tools provide an ideal (and automated) companion to code reviews by supporting the process and increasing the defect removal rate.
Static Analysis and Railway Safety-Critical Software
This paper discusses safety-critical software affordability and how static analysis tools like GrammaTech’s CodeSonar increase developer productivity and satisfy various IEC 61508 and IEC 62443 requirements.
Integrating Static Application Security Tools (SAST) in DevSecOps
This paper takes a look at the role of static application security testing tools (SAST) and in particular GrammaTech CodeSonar and how it can be used in DevSecOps and continuous development pipelines to improve quality and security and ultimately, make teams more competitive in getting market leading solutions out the door quicker.
Using Static Analysis for Overlapping Safety and Security Requirements for Medical Devices
Software and embedded systems used in medical devices are subject to strict and varied regulations. New medical device regulation will not make the overall situation clearer. This white paper discusses achieving compliance with the use of static code analysis while improving productivity and reducing compliance effort.
Easing the Adoption of Static Analysis into Existing Projects
The adoption of any new tool into an existing Software Development Process with an established code base is always a challenge. This paper is aimed at reducing the initial shock and help the development team to improve quality and security efficiently.
DevSecOps in Safety Critical Avionics Software and the Role of Static Analysis
This paper explores how static application security testing tools (SAST) and in particular GrammaTech CodeSonar can be used in DevSecOps for safety critical avionics.
Designing Security into Medical Device Software
With the recent increased connectivity of devices, security researchers have found security lacking in medical devices, with one recent example finding over 1400 security vulnerabilities in a commonly-used infusion pump. This paper discusses how to refocus medical device development to include security as a key factor, in addition to safety.
A Practical Approach to DevSecOps
This paper is aimed at helping to understand how the transition to DevSecOps need not be traumatic and that a cautious approach that leverages state of the art tools and techniques can be helpful - a practical approach to DevSecOps.
DevSecOps in DOD Mission Critical Software and the Role of SAST and SCA
This paper is aimed at helping to understand how the transition to DevSecOps need not be traumatic and that a cautious approach that leverages state of the art tools and techniques can be helpful - a practical approach to DevSecOps.
Using GrammaTech CodeSentry and CodeSonar to improve Software Security and comply with IEC 62443
This document introduces common causes of security vulnerabilities including implementation programming weaknesses in programing languages and TPS. In addition it describes TPS types, describes TPS specific security challenges and provides guidance on how to use the Grammatech CodeSentry and CodeSonar tools in a workflow to select and manage TPS and overall product security.
