Static Analysis

SWAP Detector: Preventing API Errors from Swapped Arguments

Third-party application programming interfaces (APIs), libraries, and frameworks are a fact for modern software developers. They are usually complex, rapidly…

5 days ago

Detecting Iterator Invalidation with CodeQL

By Kevin Higgs, Montgomery Blair High School

Iterator invalidation is a common and subtle class of C++ bugs that often…

2 months ago

What the Building In Security Maturity Model (BSIMM) Says About the Role of SAST and SCA

The BSIMM is an annual study of the real-world software security initiatives – “SSIs” in the report – across the…

2 months ago

Latest Version of CodeSonar Improves on C++ Analysis, MISRA Support; Introduces Subcommands for DevSecOps and More

The latest version of GrammaTech CodeSonar, Version 5.4, continues our commitment to being the go-to provider for static application security…

3 months ago

Security Code Review of a Banking Trojan — Cerberus

Over a year ago, I started hearing about this new Banking Trojan called Cerberus.…

3 months ago

On the Road to DevSecOps: Security and Privacy Controls per NIST SP 800-53

This past March, the National Institute of Standards and Technology (NIST) released the NIST Special Publication 800-53, Revision 5, which…

3 months ago

Memory Management is the Leading Cause of Security Vulnerabilities in Google Chrome

Google has recently studied the root cause of high severity security vulnerabilities detected in their Chrome browser project (specifically the…

5 months ago

Latest Version of CodeSonar Improves on Functional Safety, MISRA Support, C++ Parsing and Visualization

The latest version of GrammaTech CodeSonar, Version 5.3, continues our commitment to being the go-to provider for static application security…

6 months ago

DevSecOps in Safety Critical Avionics Software and the Role of Static Analysis

DO-178C, Software Considerations in Airborne Systems and Equipment Certification, is a standard published by RTCA, Inc. and developed jointly with…

6 months ago