GrammaTech, Inc., a leading maker of tools that improve and accelerate embedded software development, today announced availability of CodeSonar 4.1, the latest version of the company’s industry-leading software analysis tool for C/C++, Java, and binaries. Built to deliver unmatched depth of analysis, the latest version of CodeSonar includes new distributed analysis capabilities, deeper tainted data analysis, and binary analysis support for x64 processors. Combined, these advances will help developers build more stable and secure code in the Internet of Things (IoT) era, where a growing number of embedded software systems are networked enabled in sometimes unpredictable and often unsecure ways.
“Embedded systems continue to require better protection against cyber-attacks and quality lapses,” said Paul Anderson, Vice President of Engineering at GrammaTech. “With CodeSonar 4.1’s new features, developers can more easily identify bugs that are buried deep within complex code bases or hidden in third-party code.”
CodeSonar is ideal for zero-defect tolerance embedded environments because it analyzes both source and binary code to identify serious security and quality liabilities that cause system crashes, memory corruption, data races, and other unexpected vulnerabilities. New technical advances in CodeSonar 4.1 include:
Deeper Tainted Data Analysis
GrammaTech has substantially increased the precision of its taint analysis capabilities, which includes new tainted buffer access and indirect function call checkers. Analyzing indirect function calls more precisely is invaluable in discovering serious security vulnerabilities such as the recent Heartbleed bug.
New Distributed Analysis
Through groundbreaking research at GrammaTech, funded by the Department of Homeland Security, CodeSonar now distributes static analysis processing across a large numbers of heterogeneous machines (such as Linux, Windows, and Unix simultaneously). This development has the potential to speed up the analysis phase in proportion to the number of processors in the analysis pool, and gives developers the flexibility to turn up the depth of their analysis to find more critical defects.
Binary support for x64
As the only commercial static analysis tool with binary code analysis, the 4.1 release extends GrammaTech’s unique position as the binary analysis authority by adding the ability to analyze 64-bit Intel microprocessor code. As a result, more development teams will have access to GrammaTech’s binary analysis to ensure that their third-party code meets internal security and quality standards. Analyzing binary code alongside source code with CodeSonar has been shown to find 40% more defects than when source code alone was analyzed. (Programs tested were a mix of 75% source and 25% binary code.)
The rapid rise of third-party code has brought efficiency to development teams, but third-party binaries must also be rigorously tested if they are to stand up to security and quality standards. As the pressures and liabilities of software supply chain management (SSCM) continues to increase, embedded teams must investigate both source code and binaries to ensure consumer safety.
“Time-to-market pressures, increased adoption of standards-based technology, and the rise of system complexity will continue to drive the growth of third-party binary code use in embedded engineering organizations in the coming years,” said Andre Girard, Senior Analyst at VDC Research. “It will be critical for these organizations to utilize effective tools, such as the combination of static and binary analysis, to avoid the introduction of quality and security issues.”
To learn more about how GrammaTech’s CodeSonar accelerates, improves, and secures embedded software and both the source code and binary level, visit www.grammatech.com/codesonar.
GrammaTech tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. To learn more about GrammaTech, visit www.grammatech.com.