GrammaTech, Inc., a leading manufacturer of source-code analysis tools, today announced that the next version of CodeSonar will support the secure coding rules developed by US-CERT. The coding standard provides secure coding rules and recommendations, which reduce insecure coding practices that can create vulnerabilities. CodeSonar’s automated analysis will review code and quickly identify problematic sections of code that violate US-CERT secure coding guidelines. CodeSonar’s automated enforcement will reduce the need for manual review, making it easier for organizations to adopt the coding standard.
US-CERT, a premier center for computer security expertise, is the operational arm of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). US-CERT’s mission includes analyzing and reducing threats to cybersecurity within the U.S. It also collaborates with international partners to strengthen Internet security worldwide. The coding rules are part of a broad US-CERT software-assurance initiative called Build Security In. In developing the Build Security In coding rules, US-CERT drew ideas from leading security experts.
By following US-CERT’s recommendations and adopting the Build Security In coding rules, companies can jump-start their efforts to improve product security. “Good design is obviously critical and Build Security In provides a wealth of resources for improving design. But design alone is not the whole story—correct implementation really matters. A large number of vulnerabilities are created by coding flaws. The Build Security In coding rules are aimed at reducing such vulnerabilities. By adhering to the standard, companies can leverage the collective experience of security experts and avoid writing high-risk code. CodeSonar’s static analysis makes the process easier by identifying problematic code quickly and automatically. Early identification of problematic code makes it easier to correct,” said Paul Anderson, GrammaTech’s vice president of Engineering.
Checkers that examine code for adherence to Build Security In rules will be incorporated into the standard version of CodeSonar. Other features will include support for Windows Vista (incl. x64), Windows 7 (incl. x64), Windows Server 2008 (incl. x64), Windows XP x64, and Windows Server 2003 x64, adding to the set of platforms already supported by CodeSonar: Windows 2000, Windows Server 2003, Windows XP, Linux (x86 and x86-64), Solaris (SPARC, x86, and x86-64), and Mac OS X (x86 and x86-64). Additional features will include improvements to analysis precision, analysis time and the user interface.
About CodeSonar
CodeSonar is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on code and identifies complex programming bugs that can result in system crashes, memory corruption and other serious problems. CodeSonar has long been the software-analysis tool of choice for companies working on mission-critical applications such as satellites, avionics, industrial controls and medical devices. Companies outside the safety-critical space are also adopting CodeSonar to improve software reliability and security. This includes organizations developing software for wireless devices, networking equipment and consumer electronics.
More information about the Build Security In coding rules can be found at https://buildsecurityin.us-cert.gov/daisy/bsi-r[…]
Pricing and Availability
The next version of CodeSonar will have the same pricing as CodeSonar 3.4, which is available today starting at $9,600 USD for small projects. Licenses for larger projects are priced based on the size of the project. Interested parties can request a free trial of CodeSonar by contacting GrammaTech at [email protected].
About GrammaTech
GrammaTech’s static-analysis tools are used worldwide by startups, Fortune 500 companies, educational institutions and government agencies. The staff includes ten PhD-level experts in programming languages and program analysis. The privately held company is headquartered in Ithaca, NY. More information about GrammaTech can be found at www.grammatech.com.
###
The URL for this release is located at: www.grammatech.com/news/2009/releases/9-21-09.h[…]
North American Sales Contact: GrammaTech, Inc., 317 North Aurora Street, Ithaca, NY, Tel. 800-329-4932, Email: [email protected], Website: www.grammatech.com.
International Sales Contacts:
UK and SCANDINAVIA: Scientific Computers Ltd, Jubilee House, Jubilee Walk, Three Bridges, CRAWLEY, West Sussex, RH10 1LQ, UK, Tel: +44 (0) 1293 403636, Email: [email protected].
The Netherlands and Central Europe: Logic Technology, JF. Kennedylaan 18, 5981 XC Panningen, The Netherlands, Tel: +31 77 3078438, E-mail: [email protected].
FRANCE: ISIT, 8 Av. Jean Mermoz, Bât. Les Diamants, 31770 Colomiers, France, Tel: +33 (0) 5 61 30 69 00, Email: [email protected].
JAPAN: A.I. Corporation, Iijima Bldg, 2-25-2, Nishigotanda, Shinagawa-ku, Tokyo, 141-0031, Japan, Tel: +81-3-3493-7981, Email: [email protected].
KOREA: MDS Technology Co., Ltd., 15F Kolon Digital Tower Billant, Guro3-dong, Guro-gu, Seoul, Korea, 152-777,