VITA Technologies
  • VME
  • XMC
  • FMC
  • PMC
  • VNX
  • VPX
  • VME
  • XMC
  • FMC
  • PMC
  • VNX
  • VPX
  • Articles
  • White Papers
  • Products
  • News
  • Articles
  • White Papers
  • Products
  • News
  News  Industry News  GrammaTech Announces First Fully Compatible Static-Analysis Tool for MITRE’s Common Weakness Enumeration Security Standard
Industry News

GrammaTech Announces First Fully Compatible Static-Analysis Tool for MITRE’s Common Weakness Enumeration Security Standard

GrammaTechGrammaTech—March 18, 20080

ITHACA, NY–March 18, 2008–GrammaTech, Inc., a leading provider of source-code analysis tools, declared today that CodeSonar Enterprise is the first static-analysis tool that is compatible with all aspects of MITREs Common Weakness Enumeration (CWE) standard. CodeSonar has now entered CWEs Evaluation Phase, after which CWE compatibility will become official.

CWE, developed by the MITRE Corporation under the sponsorship of the National Cyber Security Division of the Department of Homeland Security, provides a standard language for describing software security weaknesses. Standard terminology makes it easier for organizations to identify, understand and eliminate the myriad of security weaknesses that can occur in software.

More stories

ORBexpress Extends Support to INTEGRITY 10

August 1, 2011

BittWare Announces Altera Stratix IV FPGA-Based Family of COTS Boards

May 20, 2008

Altera Ships Industry’s First 65-nm Low-Cost FPGA

March 19, 2007

GE Fanuc Embedded Systems Broadens VPX Line

August 29, 2007

“Leveraging efforts on this topic from academia, the commercial sector, and government, CWE unites the most valuable breadth and depth of content and structure to serve as a unified standard. Our objective is to help shape the code security assessment industry and also dramatically accelerate the use and utility of software assurance capabilities for organizations in reviewing the software systems they acquire or develop,” said Robert Martin, CWE project leader.

“GrammaTechs CodeSonar is a static analysis tool for identifying programming flaws and security vulnerabilities in code. CWE is an important and valuable initiative that will help CodeSonar users understand the state of their code more effectively. GrammaTech is pleased to participate in this effort and proud to be the first vendor to offer a static-analysis tool that is compatible in all aspects,” said Paul Anderson, VP of Engineering at GrammaTech.

Software acquirers want assurance that the software products they are obtaining are reviewed for known types of security flaws, and the acquisition groups in large government and private organizations are moving forward to use these types of reviews as part of future contracts. However, the tools and services that can be used for this type of review are new at best and there is no nomenclature, taxonomies, or standards to define the capabilities and coverage of these tools and services. This makes it difficult to comparatively decide which tool/service is best suited for a particular job. What is needed is a standard list and classification of software security weaknesses to serve as a unifying language of discourse and a measuring stick for tools and services. CWE was created specifically to address these problems. More information about CWE can be found at cwe.mitre.org/about/index.html.

About GrammaTech

GrammaTechs static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions and government agencies. The staff includes ten PhD-level experts in programming languages and program analysis. The company has offices in Ithaca, New York, and San Jose, California. More information about GrammaTech can be found at www.grammatech.com.

GrammaTech and CodeSonar are trademarks of GrammaTech, Inc. All other trademarks are property of their respective companies.

The URL for this release is located at: www.grammatech.com/news/2008/releases/03-18-08.[…].

GrammaTech

Boeing Flight-Tests 2-Pound Imaging Radar Aboard ScanEagle Unmanned Aircraft
A unique portal to trade software IPs, Codecs, Reference Design or Patents.
Related posts
  • Related posts
  • More from author
Articles

Editor’s Foreword: Livin’ la Vida MOSA!

May 24, 20230
Articles

Embedded Tech Trends 2023 Wrapup

May 23, 20230
Industry News

2022 State of the VITA Technology Industry — Spring Edition

August 24, 20220
Load more
Read also

The VITA Technologies 2026 Resource Guide is here!

June 15, 20260

VITA Standards Update

June 15, 20260
Articles

VITA 100 and the next phase of embedded computing standards

June 15, 20260
Articles

VME in defense systems: A legacy of reliability, longevity, and determinism

June 15, 20260
Articles

MOSA, SOSA, and VITA explained: The standards behind VPX defense electronics

June 15, 20260
Eletter Products

SPONSORED: Mission-Ready Chassis Management Aligned to SOSA®

June 4, 20260
Load more

Recent Comments

No comments to show.
    • Articles
    • White Papers
    • Products
    • News
    • Articles
    • White Papers
    • Products
    • News
    • VME
    • XMC
    • FMC
    • PMC
    • VNX
    • VPX
    • VME
    • XMC
    • FMC
    • PMC
    • VNX
    • VPX

    © 2023 VITA Technologies. All rights Reserved.