SAST Tools Must Support Your Embedded Operating Systems, Toolchains & Compilers - Choose Wisely

Embedded software development is very close to the development platform used. Whether it’s bare metal development, commercial RTOS or embedded Linux, the tool chain is an important component in software development. It’s imperative that tools meant to help developers and integrate into their workflows also support the toolchain of choice ... Read More
Speeding up SAST

GrammaTalk, SAST
Balancing Application Security Testing Results and Resources. This post looks at how you can make SAST (Static Application Security Testing) faster and why it’s important. The performance of SAST tools affects their success as they are introduced into developer workflows, and subsequently influences their total cost of ownership. SAST ... Read More
Using Binary Analysis to Hunt Down OSS Vulnerabilities

Having an SBOM and software inventory aids in identifying 3rd-party vulnerabilities and risk  ... Read More
Top three tips for ensuring software supply chain security

At a time when “software supply chain attack” has become a household phrase, the recent vulnerability discovered in the Apache Log4J has delivered a wake-up call to both developers and software consumers: the days of blindly trusting third-party software are over ... Read More
SAST and SCA Solutions Essential to Meeting UN Regulation No. 155 for Vehicle Cybersecurity

The World Forum for Harmonization of Vehicle Regulations (WP.29) of the United Nations Economic Commission for Europe (UNECE) is a global regulatory forum within the UNECE Inland Transportation Committee. WP.29 drafted a regulation, No. 155, addressing vehicle cybersecurity and cybersecurity management systems (CSMS) ... Read More
TCP/IP stacks vulnerabilities are a wake-up call for embedded software

URGENT/11 and other recent vulnerabilities such as AMNESIA:33 related to embedded TCP/IP stacks indicate a deficiency in vetting and auditing software supply chains. The blame doesn’t rest solely on software vendors, but also points to the need for embedded device manufacturers to evaluate more than just their currently developed products.  ... Read More
On Demand Webinar featuring Solid Sands | Safety and Security Critical Software: Start with the End in Mind

CodeSonar, Static Analysis
Software development is hard work. Developing C or C++ software that has to be safe and secure is even more difficult. How do you ensure that your end-product behaves the way that you intend it to? As a first step, automated testing is really important. Though necessary, it is ... Read More
2020: Looking Back on GrammaTech's Year

company
Surely 2020 will go down in the history books as an exceptional year to put it mildly. Despite the huge impact of the COVID-19 pandemic on the world, it certainly impacted us and our customers. However, we still managed to have an outstanding year at GrammaTech. This is based on ... Read More
