Role of SAST and SCA in ISO/SAE 21434 - Road Vehicles Cybersecurity Engineering

As cars become more connected and complex, the amount of software they need is staggering: 100 million lines of code is standard for current vehicles, and autonomous vehicles may require up to 300 million. Along with this connectivity and complexity comes an ever-increasing cyber-attack surface. Battling this security threat and improving ...
The Minefields of MISRA Coverage

Modern static application security testing (SAST) tools are typically used for two main purposes: finding bugs, and finding violations of coding standards. The primary purpose of CodeSonar is the former—it was originally designed to find serious safety and security defects such as memory errors, API misuse, and concurrency issues; however, ...
Advanced Driver Assistance, Safety, and SAST to Support ISO 26262

Advanced Driver Assistance Systems (ADAS) are a key area of innovation in automotive electronics, but their potential improvement and positive impact on safety can only be realized with the same level of rigor as other safety-critical software. As we’ve posted before, ISO 26262 defines the guidelines for designing and building safety ...
Accelerating Automotive Software Safety with MISRA C and SAST

The MISRA C/C++ coding guidelines were created based on concerns about the ability to safely use the C and C++ programming languages in critical automotive systems. Since its inception in 1998, MISRA has become one of the most-used coding standards in the automotive industry, and has even spread to use in safety-critical ...
Introducing MISRA C Coding Standard to an Existing Code Base

The intent of the Motor Industry Software Reliability Association (MISRA) C coding standard was to define a subset of the C language that minimizes the possibilities of errors. Although originally intended for safety-critical applications in the automotive market, it is being used in other areas such as medical and ...
Common Software and Application Security Terms Explained

The software security discipline is full of terminology, and it’s important to state our particular definitions for these terms in the context of GrammaTech products and our approach to improving software security. This is not an exhaustive list, but it does include some of the most popular phrases used with ...
Calculating the ROI of SAST in DevSecOps for Embedded Software

With the increasing reliance on software driving critical functionality in all types of products such as industrial controls, medical devices, automotive sensors, flight control systems and so much more, ensuring the quality, safety and security of the software is more essential than ever. To achieve these results, continuous testing is ...
Log4j 2 Vulnerability – Practical Advice and What’s Next for Software Supply Chain Security

If you are a cybersecurity or DevOps professional, you have probably had a very hectic 96 hours, and probably many more to come. The critical zero-day vulnerability (CVE-2021-44228, CVSSv3 10.0) in Apache Log4j 2, a popular open source Java-based logging library that is part of many widely used Internet, enterprise ...
The Future of the SBOM

It might seem premature to discuss the future of the software bill of materials (SBOM) before SBOMs have even gained full use and acceptance in the industry. However, the future of the SBOM is intertwined with the maturity of software security practices and risk management for software reuse and ...
What is an SBOM? A deep dive.

By now, you’ve probably heard the term software bill of materials (SBOM). It’s become the security buzzword of the year. Let’s look a little deeper into what an SBOM is, what it contains, how it is used and how the industry plans to exchange them ...