New Crowdsourcing Initiative Will Harden Open Source Software Through Better Automated Analysis of Code
ITHACA, NY — GrammaTech, Inc., a leading maker of tools that improve and accelerate software development, today announced the launch of a new crowdsourcing initiative, Annotations for All, funded by the National Science Foundation (NSF). The initiative will improve software development by encouraging developers to crowdsource software annotations, facilitating the creation of safer software.
Software annotations are added to code by developers to provide information about the intent of a program; they can be harnessed by automated software analysis tools to deliver more comprehensive analyses. Instead of just checking for programming errors that could cause a crash, a static analysis tool with access to thorough annotations can also check to make sure that an application’s behavior matches the designer’s intent.
To promote broader adoption of annotations, Annotations for All is inviting all developers to contribute annotations for popular open-source projects, particularly widely-used libraries. The Annotations for All website is available now for developers to visit and become involved. The organization is accepting contributions from commercial and open-source developers, researchers, and students. To learn more about the project, its mission, how to get involved and contribute, visit annotationsforall.org.
“The benefit of writing annotations in the process of creating secure software is known, but the practice needs to be invigorated,” said David Cok, Vice President of Technology at GrammaTech. “By creating a place to gather information about annotations, annotation tools, and annotations for commonly-used libraries, we are hoping to produce a resource that will help any developer build better software.”
Front-page headlines continue to point to software failures, and often these stem from vulnerabilities in shared libraries, many of which are open source. Annotations for All hopes to take a step toward solving this problem by aggregating annotated versions of commonly used libraries, so static analysis tools can do a better job of checking them.
Annotations for All will focus on annotations that can be checked by automated tools, for software written in commonly-used languages such as C/C++ and Java. Using automated analysis tools in conjunction with reliable software annotations takes checking for software correctness one step further.
About GrammaTech:
GrammaTech tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, industrial control, and other applications where reliability and security are paramount. Originally launched from Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code and binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software.
About the National Science Foundation (NSF):
This activity is supported by the National Science Foundation under Grant No. ACI-1314674 in NSF’s Transition to Practice perspective in the Secure and Trustworthy Computing program. The project will facilitate transitioning research work on annotations and software checking into actual practice. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.