Resources

Welcome to GrammaTech's resource library. Here you will find useful information about software development in the IoT era, where devices must not only function with impeccable quality and safety but also remain resilient to cyber attacks.

Datasheets

CodeSonar

» View datasheet

CodeSonar for Binaries

» View datasheet

CodeSonar for Java

» View datasheet

Case Studies

Micrel Medical

When it came time to choose a static analysis tool, Micrel chose CodeSonar, impressed by CodeSonar's accuracy and quality of defect identification compared to the competition.

» Read more

Crank Software

To enhance quality and security, Crank's teams are now using CodeSonar to more efficiently find and fix quality and security issues within their code.

» Read more

Sypris Electronics

Extensibility was a key reason Sypris adopted CodeSonar – it can easily be configured or customized to enforce specific or unusual coding policies required.

» Read more


NASA

To boost the reliability of the Curiosity Mars rover, NASA used advanced static analysis from GrammaTech.

» Read more

FDA

The FDA recommends the use of static analysis tools to help manufacturers eliminate software defects during development. The FDA itself also uses CodeSonar to test medical devices.

» Read more

Boston Scientific

One of the world's largest medical device companies, Boston Scientific thought no automated tool provided the checks they needed until they started working with CodeSonar.

» Read more


Bay Computer Associates

Bay Computer adopted CodeSonar because it could be configured easily to fit the company's workflow and had a strong reputation in the medical device industry.

» Read more

Vivante

Vivante's integration of CodeSonar into their test and QA process helps them maintain the highest standard of quality while maximizing developer efficiency to solve code problems.

» Read more

Critical Link

Critical Link uses CodeSonar for the automated static analysis component of their company-wide quality control processes.

» Read more


Harvard Apparatus

Harvard adopted CodeSonar after finding that it found more real issues than other automated tools and returned information in a way that made it easy to locate and fix problems.

» Read more

NASA

CodeSonar is used to improve software quality for human spaceflight, space science, and earth science missions that depend on NASA's satellite telecommunications network.

» Read more

Allworx

Allworx uses CodeSonar to improve system reliability and stability in VoIP phone systems.

» Read more

Whitepapers

The Role of Static Analysis in Management of Cybersecurity in Medical Devices

This paper describes how static analysis plays a key role in risk management of medical device software development.

» Read more

Making Safety-Critical Software Development Affordable with Static Analysis

With the growing reliance on software, the code size for safety-critical software has skyrocketed. This paper describes how to use static analysis tools to tackle the growing software affordability concern.

» Read more

Addressing IoT's Impact on Software Engineering

This paper discusses IoT development best practices and will help you understand how CodeSonar can help protect your company from IoT security risks.

» Read more


Measuring the Value of Static Analysis Tool Deployments

This paper presents a model for computing the value of using a static analysis tool. Using inputs such as engineering effort, the cost of an exploited security vulnerability, and some easily-measured tool properties, the model allows users to make rational decisions about how best to deploy static analysis.

» Read more

Reduce Automotive Software Failures with Static Analysis

This paper describes how to produce reliable safety-critical automotive software, using static analysis to find important defects that are missed during other V&V activities.

» Read more

A Four-Step Guide to Security Assurance for IoT Devices

How do device software processes evolve to better protect our next-generation IoT devices? This paper describes a four-step plan that includes next-generation software assurance and a "security-first" methodology.

» Read more


Protecting Against Tainted Data in Embedded Applications with Static Analysis

This paper describes how a static analysis technique called taint analysis can be used to find how potentially hazardous inputs can flow through a program to reach sensitive parts of code, empowering developers to identify and eliminate these dangerous vulnerabilities effectively.

» Read more

Eliminating Vulnerabilities in Third-Party Code with Binary Analysis

This paper describes how to use binary analysis to inspect your third-party code for security vulnerabilities and other errors.

» Read more

How Static Analysis Protects Critical Infrastructure from Cyber Threats

This paper will help developers of embedded and IoT systems learn how to build in security and safeguards that are resistant to human error, natural disaster, and cyber attacks.

» Read more


Finding Concurrency Errors with GrammaTech Static Analysis

This paper describes some common concurrency pitfalls and explains how static analysis with CodeSonar can help find such defects without executing the program.

» Read more

How to Avoid Common Pitfalls in MISRA Compliance

This whitepaper describes how to use the MISRA C:2012 standard to reduce the risks of the C programming language by prohibiting the more unsafe practices used in programming with it.

» Read more

Software Quality and Security Challenges Growing from Rapid Rise of Third-Party Code

In this whitepaper, VDC Research reports on how accelerating the pace of development requires greater use of outside code resources, such as third-party code, which show promise but can inject additional risk of quality and security issues.

» Read more


Embedded Software Design: Best Practices for Static Analysis Tools

This paper reviews a number of growing complexities that embedded software development teams are facing, including the proliferation of third-party code, increased pressures to develop secure code, and the challenges of multi-threaded applications.

» Read more

Conquering Complex Java Concurrency Bugs with CodeSonar

This whitepaper describes the most detrimental concurrency bugs in Java, and addresses how to identify and eliminate these bugs using CodeSonar.

» Read more

Detecting Domain-Specific Coding Errors with Static Analysis

This paper describes how custom domain-specific checkers can be used to improve software quality in complex embedded systems.

» Read more


How CodeSonar Compares to Narrow Solution Static Analysis Tools

Early generation and free static analysis tools are now primitive, as advanced tools like CodeSonar vastly outperform them. This paper describes the key differences.

» Read more

Advanced Driver Assistance Systems (ADAS), Safety, and Static Analysis

This paper discusses the role of static analysis tools within the development of an ADAS system, including the return on investment (ROI) for adopting them.

» Read more

New Approaches Needed for Medical Device Software Development

This paper discusses how to manage the evolving software supply chain risks in patient-critical systems, an increasingly critical part of medical device software development.

» Read more


Software Forensics

This paper discusses how static analysis is an important tool in software forensics, how hybrid source and binary code analysis can be applied, and its advantages for investigation efficiency.

» Read more

Accelerating Software Safety with MISRA and Static Analysis

This paper discusses how advanced static analysis tools are desirable in the complex software development process in order to reduce risk, costs, and time to market.

» Read more

Videos

Narrow-Solution Static Analysis Tools vs. CodeSonar

Static analysis tools range widely in scope.

» Watch the video

An Interview with GrammaTech's David Hauck

David Hauck discusses cyber security and the immense impact of the Internet of Things (IoT).

» Watch the video

Team TECHx: DARPA's Cyber Grand Challenge

Take an insider's look into our team as they prepared for the competition.

» Watch the video


Software Assurance and Software Hardening

Source code analysis, binary code analysis, tainted data analysis, sophisticated multicore analyses, and more.

» Watch the video

Five Minutes with GrammaTech CEO, Tim Teitelbaum

Embedded Computing Design interviews Teitelbaum about participation in DARPA's Cyber Grand Challenge.

» Watch the video

What is Autonomic Computing?

Autonomic computer systems can detect, assess, and recover from cyber-attacks, all without human intervention or insight.

» Watch the video


How Does CodeSonar Find More Real Bugs?

GrammaTech VP of Engineering Paul Anderson discusses CodeSonar's advanced static analysis engine.

» Watch the video

Performing a Security Audit with CodeSonar

In this tutorial, we describe how to approach security auditing, using CodeSonar.

» Watch the video

Don't leave your device software open to failure

Learn about GrammaTech's advanced technologies, services, and software-assurance solutions on the cutting edge of IoT.

» Watch the video


CodeSonar for Binaries

Now you can find vulnerabilities in software even if you don't have access to the source code.

» Watch the video

CodeSonar for Java

Software Engineer John Von Seggern demonstrates some of the capabilities of GrammaTech's Java analysis, within CodeSonar®'s advanced user interface.

» Watch the video

Software Visualization

Software Visualization Engineer Travis Hidlay demonstrates some of the new features of CodeSonar®'s software visualization technology.

» Watch the video


CodeSonar Overview

CodeSonar® is a sophisticated static analysis tool for C, C++, and Java source code that detects bugs in safety-critical code that other source code analysis tools miss.

» Watch the video

CodeSonar Binary Analysis: Library demonstration

In this demonstration GrammaTech CodeSonar binary analysis is used to analyze an external library used in a project.

» Watch the video

Protect Your Software Supply Chain

In the increasingly fast-paced world of software development, leveraging third-party code can be a powerful shortcut. But are you taking into account the added risks?

» Watch the video


GrammaTech CodeSonar

CodeSonar® is a sophisticated static analysis tool for source code and binary code that detects bugs and security vulnerabilities that other static analysis tools miss.

» Watch the video

Tainted Data Analysis in CodeSonar

What is tainted data analysis? How can you leverage taint analysis to find anomalous or unstructured data that can be used by attackers to gain access or crash an application?

» Watch the video

Our Experience in DARPA's Cyber Grand Challenge

Dr. David Melski, our VP of Research and PI for DARPA's CGC, gives a lecture to students at Cornell University about building Xandra, the bot that competed as Team TECHx in DARPA's Cyber Grand Challenge.

» Watch the video


CodeSonar’s Visual Tainted Data Analysis

CodeSonar's tainted dataflow analysis allows you to explore potentially dangerous data flows in a clear, visual way.

» Watch the video

