GrammaTech Releases CodeSonar® 5.1 with IoT Focus

New language support for Python, integration with JuliaSoft for enhanced C# and Java support, functional safety improvements, and enhancements to analyze the use of 3rd party APIs to deliver increased capabilities to IoT developers.

February 2019

ITHACA, NY.

GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, today announced availability of CodeSonar® 5.1. The latest version of CodeSonar® provides IoT development professionals with the flexible tools they need to support their multitude of languages and ultimately deliver safer and more secure software products faster.

With CodeSonar®, developers can use a single user interface to find, assess and correct security vulnerabilities in different programs using multiple programming languages. CodeSonar® 5.1 is tightly integrated with the Julia engine from Juliasoft, which provides high recall, high precision detection of security vulnerabilities in Java and C#.  In the expansive world of IoT, this is critical as IoT devices and enterprise services are built using many different programming languages. While C# or Java are typically the languages used on the user-interface or enterprise side, the embedded device itself is built using C/C++, with Python in the mix for scripting.

Additionally, CodeSonar® now supports the import and export of results in SARIF (Static Analysis Results Interchange Format). GrammaTech is taking a leading role in the development of this emerging standard which is expected to lead to much improved integration between static analyzers and other software engineering tools.

GrammaTech continues to evolve the field of static analysis with the new API Anomaly detection module in CodeSonar®, which uses statistical machine learning to distill checkers from open source bodies of code. This module reports reliability and security problems due to bad use of 3rd party APIs such as the GNU C Library, OpenSSL, Qt, Glib, GTK, libXML and others. This module has already been used to report problems in the Git version control system, the elinks browser, the Query Object Framework, Gnome and other projects.

“IoT provides the ultimate challenge to static analysis tools,” says Paul Anderson, VP of Engineering at GrammaTech. “Functionality, 3rd party libraries, security and safety are all important, while developers are constantly under pressure to deliver. CodeSonar® helps developers write safer, more secure code, faster.”

The update is available as a free upgrade to all licensed customers under active support and maintenance contracts. A 30-day free trial of CodeSonar® 5.1 is also available at go.grammatech.com.

This material is partially based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600062C.

The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.

About GrammaTech:

GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn.