
GrammaTech Releases CodeSonar Version 6.2 Focused on Enabling DevSecOps
Ready for DevSecOps: GrammaTech’s CodeSonar static application security testing (SAST) solution already has great integrations with the tools our customers rely on to develop software today. This release of CodeSonar adds new features and functionality, making it easier for you to achieve DevSecOps while helping you accelerate the delivery of quality, safe and secure code …

The Dangers of Copy and Paste
INTRODUCTION: Copying and pasting code (“copy-paste”) is a primitive but very common form of software re-use. Unfortunately, this practice is fraught with dangers, not least of which is duplicating bugs and security defects throughout the system. While the degree to which copy-paste, as a general code construction technique, should be allowed or disallowed is debatable, …

VDC Research Study Finds Only Half of IoT Projects are Testing for Software Security
Yet the Increased Use of Third Party Components in Supply Chains Creates Hidden Attack Vectors

BETHESDA, Md., May 12, 2021 — GrammaTech, a leading provider of application security testing products and software research services, today released the findings from a research survey conducted by VDC Research on the state of software supply chain security testing. …

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More
The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates, and other improvements. …

Expanding CodeSonar SAST Capabilities with Java and C#
GrammaTech recently acquired the intellectual property and assets of JuliaSoft S.r.l. to extend its CodeSonar Static Application Security Testing (SAST) platform with automated code analysis for Java and C# code. This is an exciting announcement because of how well the Julia static analysis engine fits with CodeSonar and both teams’ approach to quality, safety and security. …

GrammaTech Bug-Injector Research Receives IEEE SCAM 2019 Distinguished Paper
During the International Working Conference on Source Code Analysis & Manipulation (SCAM), a GrammaTech research publication was awarded the Institute of Electrical and Electronics Engineers (IEEE) Computer Society TCSE (Technical Council on Software Engineering) Distinguished Paper Award. The paper, “Automated Customized Bug-Benchmark Generation,” describes Bug-Injector, a system that automatically creates benchmarks for customized evaluation of static analysis tools. This work …