Ithaca, NY (USA) – September 24, 2019 – GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, was recently recognized in GovCIO Outlook’s (https://homeland-security.govciooutlook.com/vendor/grammatech-strengthening-software-with-innovative-static-analysis-cid-418-mid-45.html) Top 10 Homeland Security Solution Providers in 2019.
The list of companies was selected by a panel of experts and members of GovCIO Outlook’s editorial board; GrammaTech was selected based on their recent research (https://www.militaryaerospace.com/trusted-computing/article/14038233/cyber-security-critical-infrastructure-software-analysis-tools) working with the Department of Homeland Security (DHS) Science and Technology Directorate, conducting cutting-edge research under the Static Analysis Modernization Program (STAMP). GrammaTech put forward ideas with game-changing capabilities, chief among them being the use of machine learning to understand proper API usage by ingesting large open source code bases and using that understanding to train static analysis tools to detect API misuse in software projects. Using machine learning to create static analysis rules results in far more checks for program errors, at considerably lower cost. The results of this work are already available in the latest version of GrammaTech CodeSonar®.
“We learn rules from thousands of open source programs and integrate them with CodeSonar® and other open source analyzers, so that open source communities can also receive the benefits of our research,” said Tim Teitelbaum, CEO of GrammaTech. “In short, we are advancing the technology to make it easier to eliminate vulnerabilities early on in the software development lifecycle.”
Under STAMP, the firm is also working on open standards in the Static Analysis Results Interchange Format (SARIF) as a steering committee member along with Microsoft. “We have enabled various open source tools to export their results into SARIF, which makes it easier to import these results into tools that support SARIF import, like GrammaTech CodeSonar®, or Microsoft VS Code,” said Teitelbaum.
For the full interview with GrammaTech CEO Tim Teitelbaum, see GovCIO’s latest issue (https://homeland-security.govciooutlook.com/vendor/grammatech-strengthening-software-with-innovative-static-analysis-cid-418-mid-45.html).
The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.
GrammaTech’s advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit www.grammatech.com or follow us on LinkedIn (https://www.linkedin.com/company/grammatech).