DHS Awards GrammaTech $3.5M to Modernize Open-Source Software Analysis Tools

SEPTEMBER 2018

ITHACA, N.Y.

GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced today that the Department of Homeland Security (DHS) has awarded it $3.5M to continue into the next 12-month phase of the Static Analysis Tools Modernization Project (STAMP). The goal of the project is to modernize open-source static analysis tools, which are used by developers to detect cyber vulnerabilities in software systems. GrammaTech will perform the work together with its subcontractor Secure Decisions of Northport, NY.

GrammaTech’s vision for this modernization is to:

• Enhance and develop open standards that allow static analyzers to be seamlessly integrated with software development tools and workflows.
• Use machine learning to expand the set of checks covered by static analyzers, and to aide in triage of the false positives inherent in the use of static analysis.
• Develop real-world test cases using bug injection technology that make it easier to evaluate static analysis tools.

“GrammaTech’s selection by DHS as the STAMP performer affirms our leadership in the field of static analysis,” said Tim Teitelbaum, CEO of GrammaTech. “We will make existing tools more powerful and accessible so engineers maximize the return on their investment in Static Application Security Testing (SAST).”

STAMP will deliver a significant contribution to the programming community at large. Coders who develop applications in popular languages like C/C++, Java, C#, JavaScript, and Python will benefit from GrammaTech’s work through improved analysis tools that better integrate with commercial software development environments.

Secure Decisions will participate in developing a tool for the comprehensive evaluation of static analyzers. This work will build in part on GrammaTech’s BugInjector, a tool that aids in estimating a static analyzer’s false negative rate by automatically injecting known bugs into  user programs.

About GrammaTech:

GrammaTech’s advanced static analysis tool CodeSonar©is used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally spun out of Cornell University, GrammaTech is now a leading research center for software security, and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.comor follow us on LinkedIn.

CodeSonar® is a registered trademark of GrammaTech.

Want to see it in action?

Check out our demonstration video here.