What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

The BSIMM is an annual study of real-world software security initiatives (“SSIs” in the report) across the software industry, drawing on data and experience from 130 organizations. Rather than repeat the aim of the study, this quote sums it up best: ...
Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider of static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates and other improvements ...
Staying on the Rails: Piper Networks + CodeSonar Case Study

Piper Networks is an innovative IT solutions provider and systems integrator specializing in the transportation industry. Founded in 2011, Piper helps transit operators enhance their systems by providing ultra-precise, real-time positioning information for trains, workers and equipment. Piper’s proprietary technologies are designed to operate in some of the most challenging environments, ...
CodeSonar helps Stoneridge Achieve Safety and Security

Stoneridge, Inc. is a global leader in highly engineered electrical and electronic components for the commercial vehicle, passenger car and off-highway markets. Stoneridge solutions power vehicle intelligence systems, provide dramatic increases in fuel efficiency, reduce emissions, and improve safety and security for everyone on the road. Stoneridge provides intelligent systems ...
Memory Management is the Leading Cause of Security Vulnerabilities in Google Chrome

Google recently studied the root causes of high-severity security vulnerabilities in its Chrome browser (specifically the open source Chromium project on which Chrome and other browsers are based) and found that 70 percent were “memory unsafety” problems. Google attributes these to mistakes made with C/C++ pointers ...
Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization

The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider of static application security testing (SAST) and the static analysis tool of choice for improving software safety, security and quality. This release has several new features as well as compatibility updates and other improvements ...
DevSecOps in Safety Critical Avionics Software and the Role of Static Analysis

DO-178C, Software Considerations in Airborne Systems and Equipment Certification, is a standard published by RTCA, Inc. and developed jointly with EUROCAE, the European Organization for Civil Aviation Equipment. Alongside DO-178C are DO-326A (U.S.) and ED-202A (Europe), titled "Airworthiness Security Process Specification", which is the only Acceptable Means of Compliance (AMC) ...
Using SARIF to Extend Analysis of SAST Tools

The Static Analysis Results Interchange Format (SARIF) is now an approved OASIS standard. We have discussed in other posts the benefits of having a standardized format for static analysis results. First and foremost among those benefits is the ability for tools from different vendors to exchange information without relying on various proprietary ...
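The cross-vendor exchange that SARIF enables is easy to see in code. The following is an added example, not code from the original post or from GrammaTech: it takes two hand-constructed SARIF 2.1.0 logs from hypothetical tools ("ToolA" and "ToolB", with made-up rule IDs and file paths), normalizes them into one tool-independent record shape, counts findings per tool and severity, and reports locations that more than one tool flagged. It also applies the SARIF 2.1.0 default severity ("warning") when a result carries no explicit level and its rule has no default configuration.

```python
"""Aggregate SARIF 2.1.0 results from several static analysis tools.

Added example, not code from the original page or from GrammaTech. The
two SARIF logs below are constructed by hand; the tool names, rule IDs
and file paths are hypothetical.
"""
import json
from collections import Counter, defaultdict

# Constructed sample 1: a hypothetical tool reporting one error.
SARIF_TOOL_A = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ToolA", "version": "1.0"}},
        "results": [{
            "ruleId": "A001",
            "level": "error",
            "message": {"text": "write past end of buffer"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/net/parse.c"},
                "region": {"startLine": 42}}}],
        }],
    }],
})

# Constructed sample 2: a second hypothetical tool. Its first result omits
# "level" and the driver lists no rule defaultConfiguration, so the
# SARIF 2.1.0 default of "warning" applies.
SARIF_TOOL_B = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "ToolB", "version": "3.2"}},
        "results": [
            {"ruleId": "B-OVERFLOW",
             "message": {"text": "possible out-of-bounds write"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/net/parse.c"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "B-STYLE",
             "level": "note",
             "message": {"text": "unused variable"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/util/log.c"},
                 "region": {"startLine": 7}}}]},
        ],
    }],
})


def normalize(sarif_text):
    """Flatten one SARIF log into tool-independent finding records."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("expected SARIF 2.1.0, got %r" % doc.get("version"))
    findings = []
    for run in doc.get("runs", []):
        driver = run["tool"]["driver"]
        # Rule-level default severity, when the tool ships rule metadata.
        defaults = {r["id"]: r.get("defaultConfiguration", {}).get("level")
                    for r in driver.get("rules", [])}
        for res in run.get("results", []):
            rule = res.get("ruleId")
            level = res.get("level") or defaults.get(rule) or "warning"
            locs = res.get("locations") or [{}]
            phys = locs[0].get("physicalLocation", {})
            findings.append({
                "tool": driver["name"],
                "rule": rule,
                "level": level,
                "uri": phys.get("artifactLocation", {}).get("uri"),
                "line": phys.get("region", {}).get("startLine"),
                "message": res.get("message", {}).get("text", ""),
            })
    return findings


def merge_logs(*sarif_texts):
    """Normalize and concatenate findings from any number of SARIF logs."""
    merged = []
    for text in sarif_texts:
        merged.extend(normalize(text))
    return merged


def severity_counts(findings):
    """Count findings per (tool, level), e.g. to drive a CI merge gate."""
    return Counter((f["tool"], f["level"]) for f in findings)


def co_reported(findings):
    """Locations flagged by more than one tool: high-confidence candidates."""
    tools_at = defaultdict(set)
    for f in findings:
        if f["uri"] is not None and f["line"] is not None:
            tools_at[(f["uri"], f["line"])].add(f["tool"])
    return {loc: tools for loc, tools in tools_at.items() if len(tools) > 1}


if __name__ == "__main__":
    all_findings = merge_logs(SARIF_TOOL_A, SARIF_TOOL_B)
    for (tool, level), n in sorted(severity_counts(all_findings).items()):
        print("%-6s %-8s %d" % (tool, level, n))
    for (uri, line), tools in co_reported(all_findings).items():
        print("%s:%d flagged by %s" % (uri, line, ", ".join(sorted(tools))))
```

Because every tool writes the same `runs[].tool.driver` and `results[].locations[].physicalLocation` shape, the aggregation code above never has to know which vendor produced a log; a real pipeline would add `partialFingerprints` or `fixes` handling on top of this skeleton.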
GrammaTech CodeSonar Refreshes IEC 61508, ISO 26262 and CENELEC EN 50128 Certifications

Three new functional safety certificates are now available for CodeSonar version 5.2p0 and later, covering IEC 61508, ISO 26262 and CENELEC EN 50128. These certificates have been issued by Exida and document that CodeSonar is qualified for use in developing software that needs to be certified to the ...
Metrics Evaluation using Static Analysis for Automotive Software Specified by KGAS and Automotive SPICE

Automotive SPICE (Software Process Improvement and Capability dEtermination) is a software development process standard that defines a maturity model for software development, management and business processes. SPICE specifies how to assess a software organization’s level of maturity. An organization seeking compliance with SPICE needs to follow ...