ThomasNet News Logo
Sign Up | Log In | ThomasNet Home | Promote Your Business

Static Analysis Software examines binary libraries.

Print | 
Email |  Comment   Share  
March 13, 2013 - With CodeSonar for Binaries, users can examine software for security vulnerabilities and malicious code, without need for source code. Because technology does not rely on debug or symbol-table information, it can examine stripped executables normally shipped by software vendors. Program analyzes software that users actually run, so it can detect problems introduced not only by programmers, but also by compiler and other tools in development chain.

GrammaTech Announces Static Analysis Tool for Examining Binaries

(Archive News Story - Products mentioned in this Archive News Story may or may not be available from the manufacturer.)

Grammatech, Inc.
317 N. Aurora St.
Ithaca, NY, 14850

Press release date: March 5, 2013

CodeSonar for binaries identifies security vulnerabilities in third-party executables, enabling better Supply Chain Risk Management (SCRM)

ITHACA, NY–GrammaTech, Inc., a leading manufacturer of software-analysis tools, today announced a groundbreaking static-analysis tool for analyzing binary libraries and executables. CodeSonar for Binaries enables users to examine software for security vulnerabilities and malicious code, without the need for source code. Because the technology does not rely on debug or symbol-table information, it can examine the stripped executables normally shipped by software vendors. As a result, users can use CodeSonar for Binaries to perform a security analysis on software without any cooperation from the vendor.

The analysis engine is the result of a 10-year collaboration between GrammaTech and the University of Wisconsin-Madison, involving 21 experts in program analysis and $15 million in research and development (R&D). As GrammaTech increased its R&D spending, several key researchers at the University of Wisconsin joined the company. The innovative technology has received prestigious awards at Computer Science conferences.

“While many software-analysis tools exist, nearly all require source code. Yet end users seldom have access to the source code. CodeSonar for Binaries empowers end users by enabling them to perform a security audit on executables,” said Mark Zarins, VP of Sales and Marketing at GrammaTech. “It analyzes the software that users actually run--the specific machine code to be run on the processor. As a result, CodeSonar for Binaries can detect problems introduced not only by programmers, but also by the compiler and other tools in the development chain.”

Market research firm Gartner predicts that “By 2017, IT supply chain integrity will be identified as a top three security-related concern by Global 2000 IT leaders.” Gartner’s October 2012 report entitled, “Living in a World Without Trust: When IT’s Supply Chain Integrity and Online Infrastructure Get Pwned,” outlines the impact of, and extent to which IT supply chains will be under attack and impaired in the future. According to Gartner, “The use of contaminated software in the creation of a finished software offering, whether inadvertent or intentional, is conceptually no different than the use of contaminated meat to create hamburgers. Both result in a final product that is compromised from creation.”

“Disassembly tools have been available for analyzing binaries, but analyzing low-level machine code manually, or even with scripts, is extremely time consuming and not really a scalable approach to identifying vulnerabilities,” said Paul Anderson, VP of Engineering at GrammaTech. “CodeSonar for Binaries makes it easy to examine large executables rapidly. Furthermore, the tool is fully integrated with GrammaTech’s source-code analysis technology, allowing customers to analyze projects that are a combination of source and binary code.”

CodeSonar for Binaries is currently being used by early adopters at a number of organizations. Parties interested in the tool should contact GrammaTech. More information is available at

About GrammaTech
GrammaTech’s static-analysis tools are used worldwide by Fortune 500 companies, educational institutions, startups, and government agencies. Our customers create software for mission-critical applications. Since its inception as a spin-off of Cornell University, GrammaTech has focused on providing static analysis for applications where reliability and security are paramount. The staff includes 16 PhD-level experts, including world-renowned experts in the field of binary analysis, and a superb engineering team, all focused on creating the most innovative and in-depth analysis algorithms. The company’s flagship product, CodeSonar, is a sophisticated static-analysis tool that performs a whole-program, interprocedural analysis on both source code and binaries, and identifies complex programming bugs that can result in serious reliability or security problems.

CodeSonar is a registered trademark of GrammaTech, Inc. All other trademarks are property of their respective companies.

The URL for this release is located at: http://

GrammaTech Contact Information:
GrammaTech, Inc., 531 Esty Street, Ithaca, NY 14850, Tel: +1 607-273-7340, Email:, Website:
Print | 
Email |  Comment   Share  
Contacts: View detailed contact information.


Post a comment about this story

(your e-mail address will not be posted)
Comment title:
To submit comment, enter the security code shown below and press 'Post Comment'.

 See related product stories
More .....
 See more product news in:
 More New Product News from this company:
Software Development Tools enhance embedded app design.
Code Troubleshooting Software offers architecture visualization.
Source Code Analysis Tool supports multiple languages.
Source-Code Static Analysis Software pinpoints defects.
More ....
| Featured Manufacturing Jobs
 Other News from this company:
GrammaTech Adds Dynamic Analysis to Product Portfolio with Cantata
GrammaTech Selected by the U.S. Navy to Improve Software Security
Crank Software Selects GrammaTech to Turn up Software Quality and Security
NASA Awards GrammaTech Contract for Eclipse Specification Editing and Discovery Tool for C/C++
GrammaTech Integrates Static Analysis with Eclipse Development Environment
More ....
 Tools for you
Watch Company 
View Company Profile
Company web site
More news from this company
E-mail this story to a friend
Save Story
Search for suppliers of
Software Development Tools
Data Analysis Software
Debugging Software
Join the forum discussion at:
Engineers Lounge

Home  |  My ThomasNet News®  |  Industry Market Trends®  |  Submit Release  |  Advertise  |  Contact News  |  About Us
Brought to you by        Browse ThomasNet Directory

Copyright © 2014 Thomas Publishing Company. All Rights Reserved.
Terms of Use - Privacy Policy

Error close

Please enter a valid email address