My experience on my daily works... helping others ease each other

Friday, September 16, 2011

Using static code analysis to support DO-178b certification

Paul Anderson, GrammaTech   
9/6/2011 6:29 PM EDT

In this Product How-To, Paul Anderson of GrammaTech takes you step by step through DO-178B and how to use his company's static analysis tools to support the safety-critical software requirements of the specification.

As one of my interests in software security, I was keen to evaluate the effectiveness and efficiency of GrammaTech CodeSonar's static analysis capability using the Taxonomy of C Overflow Vulnerabilities Attack, which I constructed for the purpose of identifying overflow vulnerabilities in C. However, due to the fact that (based on my email conversation with one of the company's employees) I can't evaluate theirs, I'm not sure how their tools could help support the safety-critical software requirements.

And I can say one thing for sure here: all tools, including CodeSonar, have yet to successfully help in reducing vulnerabilities in software. This can be seen by looking at the various vulnerability databases and advisories released by Symantec, Kaspersky, Microsoft, NIST, etc. The numbers are still large, and we have yet to see them tremendously reduced.

About Me

Somewhere, Selangor, Malaysia
An IT by profession, a beginner in photography
