Contact us
GrammaTalk

Embedded World 2019 Presentation: Static Analysis for Safety and Security

Posted on

by

Mark Hermeling

 IMG_20180228_095933-1

Bookmark event Save the date Share

Static analysis has been proven to improve the quality of software development for very little investment. Embedded software is not different, but it does pose a number of additional requirements on the static analysis tool around safety and security. This presentation will highlight those differences and how GrammaTech CodeSonar addresses them.

Time-to-market often compete with safety and security in embedded systems development. Static analysis improves the quality of your software the moment it is written and such, helps with all of these. Embedded systems puts a lot of requirements on our static analysis tool, so it is important that you pick the tool that properly supports you in your projects. This presentation will explain how safety and security concerns are important to consider.

From a safety perspective, you want a static analysis tool that aggressively finds warnings in your source code. The percentage of ‘recall’, that is, the amount of problems it finds is crucially important. Secondly, you want to make sure you are able to claim credit for your static analysis tool in your functional safety certification process. You may not have a functional safety need just yet, but for many embedded systems this is something that looms on the horizon.

From a security perspective, you want to analyze tainted data, data taken in from the environment and how it flows through your system. A small mistake is easily made and hard to find through manual inspection or testing once it has slipped into your source code base.

Lastly, 3rd party libraries are important. From the GNU C library, to OpenSSL, to Qt, to Glib or libXML. Usage of these libraries is not always uniform and it is easy to lose track of allocated memory, or properly inspect return codes.

Take a look below at Mark Hermeling, Senior Director of Product Marketing, discuss how CodeSonar provides coverage for all of these concerns and can easily be integrated into your existing, or new projects.

{{ script_embed(‘wistia’, ‘uaog8tx09i’, ‘, ‘, ‘inline,responsive’) }}

 

Interested in learning more? Read our guide on “Embedded Software Design: Best Practices for Static Analysis Tools.”

{{cta(‘69509d29-9c44-4ef9-b6af-501085daf957’)}}

Share post:

Mark Hermeling

Software development professional with extensive international experience (Europe, North America, Asia) in assisting customers to get the most from the use of modern technologies and automation. Focused on understanding the customer and helping them to get product to market quicker. Able to abstract, think outside of the box, understand, educate, enable and solve. Worked in a variety of different roles in sales (including field engineering and field engineering management responsible for quota) as well as product management and marketing (owning product vision and product roadmap).

Related Posts

Check out all of GrammaTech’s resources and stay informed.

view all posts

Contact Us

Get a personally guided tour of our solution offerings. 

Contact US