October 4, 2016 – Ithaca, NY – GrammaTech, a leading developer of commercial software-assurance tools and advanced cyber-security solutions, today announced that it has been selected as a prime contractor on the Department of Homeland Security’s Static Tool Analysis Modernization Project (STAMP). The goal of GrammaTech’s potentially $8M contract is to significantly advance the software ecosystem of open-source static-analysis tools for software. GrammaTech will perform the work with subcontractors KEYW (PonteTec division) and Secure Decisions.
With over 25 years researching static program-analysis techniques, and a strong history of transitioning that research to polished commercial tools that provide deep analysis, scalability, and results that users can understand, GrammaTech is uniquely positioned to lead the team. The goal of the project includes modernization of as many as eight tools for eight different programming languages, including both dynamic languages (e.g., JavaScript) and static languages (e.g., Java).
The opportunity for GrammaTech, a premier provider of commercial static-analysis tools for C/C++ and machine code, is to dramatically expand the coverage of its commercial product offering by integrating with the open-source tools produced in STAMP. The implications of such modernization would impact organizations that currently require custom combinations of tools to find the perfect fit and coverage. For instance, if you were using open-source tools and wanted to get better concurrency checking or taint analysis, you could migrate from a lightweight open-source tool to a commercial tool without transition barriers.
“The potential here is bigger than just a collection of isolated open-source tools,” explained GrammaTech CEO Tim Teitelbaum. “Yes, the project will significantly advance open-source tools by giving them more capability and value, but we hope to provide better interoperability with commercial tools as well.”
GrammaTech will work with KEYW’s PonteTec division, a team that has deep expertise in generating test cases and benchmark suites. The Secure Decisions team will help create a scoring and labeling tool that will allow decision makers concerned with software assurance to find the most relevant analysis tools for their needs.