GrammaTech Announces Support for Secure Coding to Reduce Cybersecurity Vulnerabilities

CodeSonar® to enforce US-CERT’s Build Security In coding rules

BOSTON, MA, Embedded Systems Conference — GrammaTech, Inc., a leading manufacturer of source-code analysis tools, today announced that the next version of CodeSonar® will support the secure coding rules developed by US-CERT. The coding standard provides secure coding rules and recommendations, which reduce insecure coding practices that can create vulnerabilities. CodeSonar’s automated analysis will review code and quickly identify problematic sections of code that violate US-CERT secure coding guidelines. CodeSonar’s automated enforcement will reduce the need for manual review, making it easier for organizations to adopt the coding standard.

US-CERT, a premier center for computer security expertise, is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). US-CERT’s mission includes analyzing and reducing threats to cybersecurity within the U.S. It also collaborates with international partners to strengthen Internet security worldwide. The coding rules are part of a broad US-CERT software-assurance initiative called Build Security In. In developing the Build Security In coding rules, US-CERT drew ideas from leading security experts.

By following US-CERT’s recommendations and adopting the Build Security In coding rules, companies can jump-start their efforts to improve product security. “Good design is obviously critical and Build Security In provides a wealth of resources for improving design. But design alone is not the whole story; correct implementation really matters. A large number of vulnerabilities are created by coding flaws. The Build Security In coding rules are aimed at reducing such vulnerabilities. By adhering to the standard, companies can leverage the collective experience of security experts and avoid writing high-risk code. CodeSonar’s static analysis makes the process easier by identifying problematic code quickly and automatically. Early identification of problematic code makes it easier to correct,” said Paul Anderson, GrammaTech’s vice president of Engineering.

Checkers that examine code for adherence to Build Security In rules will be incorporated into the standard version of CodeSonar. Other features will include support for Windows Vista (incl. x64), Windows 7 (incl. x64), Windows Server 2008 (incl. x64), Windows XP x64, and Windows Server 2003 x64, adding to the set of platforms already supported by CodeSonar: Windows 2000, Windows Server 2003, Windows XP, Linux (x86 and x86-64), and Mac OS X (x86 and x86-64). Additional features will include improvements to analysis precision, analysis time and the user interface.

About CodeSonar

CodeSonar is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes, memory corruption and other serious problems. CodeSonar has long been the software-analysis tool of choice for companies working on mission-critical applications such as satellites, avionics, industrial controls and medical devices. Companies outside the safety-critical space are also adopting CodeSonar to improve software reliability and security. This includes organizations developing software for wireless devices, networking equipment and consumer electronics.

More information about the Build Security In coding rules can be found at https://buildsecurityin.us-cert.gov/daisy/bsi-rules/33-BSI.html.

Pricing and Availability

The next version of CodeSonar will have the same pricing as CodeSonar 3.4, which is available today starting at $9,600 USD for small projects. Licenses for larger projects are priced based on the size of the project. Interested parties can request a free trial of CodeSonar.

About GrammaTech

GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions, and government agencies. The staff includes fourteen researchers with PhDs in programming languages and program analysis.
