DARPA Awards GrammaTech $7.6M for Safety and Certification Research

Posted on



MARCH 2020


GrammaTech, Inc., a leading developer of advanced commercial static analysis/software assurance products and advanced cybersecurity solutions, announces that it has been awarded a $7.6 million, four-year contract from Defense Advanced Research Projects Agency (DARPA).

Automated Rapid Certification of Software (ARCOS) is a DARPA program focused on generating evidence and assurance cases for a broad range of certification and/or accreditation standards. GrammaTech will develop technology that produces high-quality, traceable, and composable certification evidence for use in constructing assurance-case arguments for software that includes components available only in binary form.  Although the specifics of individual accreditation and certification criteria differ across safety, security, airworthiness, and other certification standards, the criteria often share concerns about both the software attributes that should be evaluated and the types of evidence used to construct assurance cases.

GrammaTech is developing a set of tools for ARCOS that will enable the same testing strategies used for new software development to be employed for recertification of legacy software and provide better traceability, complete with rationale for why specific test results deliver sufficient requirements and structural code coverage. In addition, these tools will scale and automate test generation, execution, and test-suite maintenance to achieve measurably improved test coverage and completeness and decreasing time to deployment.

“Re-certification of software is an expensive activity,” says Alexey Loginov, Vice President of Research at GrammaTech, Inc. “It often requires significant amounts of tedious labor, that needs to be performed by experienced and hard-to-find personnel. The human factor in the process also results in inconsistent evaluation of security risk. The goal of our ARCOS contribution is to automate as much as possible of that work using GrammaTech’s advanced program-analysis capabilities.”

“GrammaTech’s research efforts move the needle in topics such as cyber security and, in this case, safety certification,” says Mike Dager, CEO at GrammaTech. “The results of these projects allow us to deliver greater value to our customers. This will directly benefit our customers that develop software against standards like DO-178C/DO-330, IEC 61508, ISO26262, CENELEC EN 50128, IEC 62443 and many others.”

Acknowledgment of Support and Disclaimer  DFARS 252.235-7010

This material is based upon work supported by the United States Air Force, Air Force Research Laboratory, Rome NY and the Defense Advanced Research Project Agency (DARPA) under Contract No. FA8750-20-C-1005.

 Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force, Air Force Research Laboratory, Rome NY and DARPA

About GrammaTech:

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, automotive and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit or follow GrammaTech on LinkedIn.


Related Posts

Check out all of CodeSecure’s resources and stay informed.

view all posts

Book a Demo

We’re ready to help you integrate SAST and SCA security into your DevSecOps flow. Get a personally guided tour of our solution offerings to ensure you are receiving the right solution for your development team. 

book now