EEJournal

industry news
Subscribe Now
February 24, 2015

GrammaTech Unveils New CodeSonar Release Designed for the IoT Era

ITHACA, N.Y., Feb. 24, 2015 /PRNewswire/ — GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today announced availability of CodeSonar 4.1, the latest version of the company’s industry-leading software analysis tool for C/C++, Java, and binaries. Built to deliver unmatched depth of analysis, the latest version of CodeSonar includes new distributed analysis capabilities, deeper tainted data analysis, and binary analysis support for x64 processors. Combined, these advances will help developers build more stable and secure code in the Internet of Things (IoT) era, where a growing number of embedded software systems are networked enabled in sometimes unpredictable and often unsecure ways.

“Embedded systems continue to require better protection against cyber-attacks and quality lapses,” said Paul Anderson, Vice President of Engineering at GrammaTech. “With CodeSonar 4.1’s new features, developers can more easily identify bugs that are buried deep within complex code bases or hidden in third-party code.” 

CodeSonar is ideal for zero-defect tolerance embedded environments because it analyzes both source and binary code to identify serious security and quality liabilities that cause system crashes, memory corruption, data races, and other unexpected vulnerabilities. New technical advances in CodeSonar 4.1 include:

  • Deeper Tainted Data Analysis – GrammaTech has substantially increased the precision of its taint analysis capabilities, which includes new tainted buffer access and indirect function call checkers. Analyzing indirect function calls more precisely is invaluable in discovering serious security vulnerabilities such as the recent Heartbleed bug.
  • New Distributed Analysis – Through groundbreaking research at GrammaTech, funded by the Department of Homeland Security, CodeSonar now distributes static analysis processing across a large numbers of heterogeneous machines (such as Linux, Windows, and Unix simultaneously). This development has the potential to speed up the analysis phase in proportion to the number of processors in the analysis pool, and gives developers the flexibility to turn up the depth of their analysis to find more critical defects.
  • Binary support for x64 – As the only commercial static analysis tool with binary code analysis, the 4.1 release extends GrammaTech’s unique position as the binary analysis authority by adding the ability to analyze 64-bit Intel microprocessor code. As a result, more development teams will have access to GrammaTech’s binary analysis to ensure that their third-party code meets internal security and quality standards. Analyzing binary code alongside source code with CodeSonar has been shown to find 40% more defects than when source code alone was analyzed. (Programs tested were a mix of 75% source and 25% binary code.)

The rapid rise of third-party code has brought efficiency to development teams, but third-party binaries must also be rigorously tested if they are to stand up to security and quality standards. As the pressures and liabilities of software supply chain management (SSCM) continues to increase, embedded teams must investigate both source code and binaries to ensure consumer safety.

“Time-to-market pressures, increased adoption of standards-based technology, and the rise of system complexity will continue to drive the growth of third-party binary code use in embedded engineering organizations in the coming years,” said Andre Girard, Senior Analyst at VDC Research. “It will be critical for these organizations to utilize effective tools, such as the combination of static and binary analysis, to avoid the introduction of quality and security issues.”

To learn more about how GrammaTech’s CodeSonar accelerates, improves, and secures embedded software and both the source code and binary level, visit www.grammatech.com/codesonar.

About GrammaTech:

GrammaTech tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. To learn more about GrammaTech, visit www.grammatech.com.

Leave a Reply

featured blogs
Captivating Component Art
May 2, 2024
I'm envisioning what one of these pieces would look like on the wall of my office. It would look awesome!...
More from Max's Cool Beans...
Why Analog Design Challenges Need Breakthrough Technologies
Apr 30, 2024
Analog IC design engineers need breakthrough technologies & chip design tools to solve modern challenges; learn more from our analog design panel at SNUG 2024.The post Why Analog Design Challenges Need Breakthrough Technologies appeared first on Chip Design....
More from Synopsys...

featured video

Introducing Altera® Agilex 5 FPGAs and SoCs

Sponsored by Intel

Learn about the Altera Agilex 5 FPGA Family for tomorrow’s edge intelligent applications.

To learn more about Agilex 5 visit: Agilex™ 5 FPGA and SoC FPGA Product Overview

featured paper

Designing Robust 5G Power Amplifiers for the Real World

Sponsored by Keysight

Simulating 5G power amplifier (PA) designs at the component and system levels with authentic modulation and high-fidelity behavioral models increases predictability, lowers risk, and shrinks schedules. Simulation software enables multi-technology layout and multi-domain analysis, evaluating the impacts of 5G PA design choices while delivering accurate results in a single virtual workspace. This application note delves into how authentic modulation enhances predictability and performance in 5G millimeter-wave systems.

Download now to revolutionize your design process.

featured chalk talk

Enabling the Evolution of E-mobility for Your Applications
Sponsored by Mouser Electronics and TE Connectivity
The next generation of electric vehicles, including trucks, buses, construction and recreational vehicles will need connectivity solutions that are modular, scalable, high performance, and can operate in harsh environments. In this episode of Chalk Talk, Amelia Dalton and Daniel Domke from TE Connectivity examine design considerations for next generation e-mobility applications and the benefits that TE Connectivity’s PowerTube HVP-HD Connector Series bring to these designs.
Click here for more information about TE Connectivity PowerTube Connectors
Feb 28, 2024
8,553 views