industry news
Subscribe Now

AdaCore’s GNAT Pro Assurance Development Environment Reinforces Security Support

Ada toolsuite helps projects track and mitigate product vulnerabilities

NEW YORK, March 15, 2022 – AdaCore, a trusted provider of software development and verification tools, today announced that the latest version of its signature GNAT Pro Assurance product has introduced a service that helps customers with their vulnerability mitigation strategy for third-party tools. With GNAT Pro Assurance 22, customers can request a detailed list of known problems, each keyed to The MITRE Corporation’s Common Vulnerability Enumeration (CVE) database. Vulnerability reports are provided in machine-readable CVE JSON format as well as human-readable PDF reports. In addition to this information, AdaCore now produces Software Bills of Materials (SBOM). SBOMs are supplied in the industry-standard Software Package Data Exchange (SPDX) format, allowing automated incorporation into customers’ vulnerability management and reporting systems.

GNAT Pro Assurance is the top-tier edition of AdaCore’s GNAT Pro product line and offers a complete Ada solution: a comprehensive suite of development and verification tools, a configurable run-time library, and several specialized small-footprint runtimes. It is geared toward developers of safety- and/or security-critical applications that require long-term maintenance, including but not limited to projects that need to meet domain-specific software assurance standards. For safety certification, such standards include DO-178C (airborne software), EN 50128 (rail), ECSS-E-ST-40C and ECSS-Q-ST-80C (space), and ISO 26262 (automotive and industrial systems). On the security side, relevant standards include DO-326A / ED-202A and DO-356A / ED-203A (airworthiness). For each of these safety or security standards, certification and/or qualification material for specific run-time libraries and/or tools are available to GNAT Pro Assurance customers through an optional certification support service.

Unique to GNAT Pro Assurance, the sustained branch service allows a customer to choose a specific version of the technology and receive workarounds or product updates for that version as needed to deal with critical issues. This offers guaranteed product stability, with controlled evolution to correct problems that do not have realistic workarounds.

“The challenge with software security is that vulnerabilities can and will be discovered after a system has been deployed, and systems are typically multi-layered with interdependent components from different vendors,” said Alexander Senier, Lead of Cybersecurity at AdaCore. “A vulnerability that one vendor fixes might require an expensive correction in another component; if that vendor fails to make that correction, then the entire system may be insecure. With GNAT Pro Assurance, our customers don’t get into such a situation. We provide sustained branches, we perform automatic analyses of known vulnerabilities on those branches and make them available to customers, we analyze whether security issues found in current GNAT Pro versions are present in sustained branches and port security fixes to those older versions if necessary. This enables customers to have their systems deployed securely throughout the project’s lifetime.”

“Ada is a language of choice for developers of long-lived high-reliability software, and the sustained branch service for GNAT Pro Assurance meets the needs for both stability in the product and corrections to critical problems,” said Jamie Ayre, Commercial Director at AdaCore. “Solving a blocking problem by moving to a new product version that introduces unrelated enhancements may fix one defect but could introduce regressions or trigger other problems. With GNAT Pro Assurance’s sustained branch service, which stands out in the industry, a customer can lock in a specific version of the product and then receive updates only when needed to address a critical issue.”

Contact us today to learn what GNAT Pro Assurance can do for you!

About AdaCore

Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems.

Over the years, customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as commercial and military airborne systems, railway, space, automotive, defense systems, air traffic management/control, medical devices, and financial services. AdaCore has an extensive and growing worldwide customer base; see for further information.

AdaCore products are open source and come with expert online support provided by the developers themselves. The company has North American headquarters in New York and European headquarters in Paris.

Leave a Reply

featured blogs
Nov 28, 2022
Join us for a CadenceTECHTALK (aka webinar) to learn how the upcoming release of Fidelity CFD software significantly extends the capabilities of our pre-processing and unstructured meshing solutions. We'll demonstrate: Better performance for large geometry models Improve...
Nov 22, 2022
Learn how analog and mixed-signal (AMS) verification technology, which we developed as part of DARPA's POSH and ERI programs, emulates analog designs. The post What's Driving the World's First Analog and Mixed-Signal Emulation Technology? appeared first on From Silicon To So...
Nov 21, 2022
By Hossam Sarhan With the growing complexity of system-on-chip designs and technology scaling, multiple power domains are needed to optimize… ...
Nov 18, 2022
This bodacious beauty is better equipped than my car, with 360-degree collision avoidance sensors, party lights, and a backup camera, to name but a few....

featured video

How to Harness the Massive Amounts of Design Data Generated with Every Project

Sponsored by Cadence Design Systems

Long gone are the days where engineers imported text-based reports into spreadsheets and sorted the columns to extract useful information. Introducing the Cadence Joint Enterprise Data and AI (JedAI) platform created from the ground up for EDA data such as waveforms, workflows, RTL netlists, and more. Using Cadence JedAI, engineering teams can visualize the data and trends and implement practical design strategies across the entire SoC design for improved productivity and quality of results.

Learn More

featured paper

Algorithm Verification with FPGAs and ASICs

Sponsored by MathWorks

Developing new FPGA and ASIC designs involves implementing new algorithms, which presents challenges for verification for algorithm developers, hardware designers, and verification engineers. This eBook explores different aspects of hardware design verification and how you can use MATLAB and Simulink to reduce development effort and improve the quality of end products.

Click here to read more

featured chalk talk

Current Sense Resistor - WFC & WFCP Series

Sponsored by Mouser Electronics and Vishay

If you are working on a telecom, consumer or industrial design, current sense resistors can give you a great way to detect and convert current to voltage. In this episode of Chalk Talk, Amelia Dalton chats with Clinton Stiffler from Vishay about the what, where and how of Vishay’s WFC and WFCP current sense resistors. They investigate how these current sense resistors are constructed, how the flip-chip design of these current sense resistors reduces TCR compared to other chip resistors, and how you can get started using a Vishay current sense resistor in your next design.

Click here for more information about Vishay / Dale WFC/WFCP Metal Foil Current Sense Resistors