GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, has announced that the Department of Homeland Security (DHS) has awarded it $3.5m to continue into the next 12-month phase of the Static Analysis Tools Modernisation Project (STAMP). The goal of the project is to modernise open-source static analysis tools, which are used by developers to detect cyber vulnerabilities in software systems. GrammaTech will perform the work together with its subcontractor Secure Decisions of Northport, NY.

GrammaTech’s vision for this modernisation is to:

  • Enhance and develop open standards that allow static analysers to be seamlessly integrated with software development tools and workflows.
  • Use machine learning to expand the set of checks covered by static analysers, and to aid in triage of the false positives inherent in the use of static analysis.
  • Develop real-world test cases using bug injection technology that make it easier to evaluate static analysis tools.

“GrammaTech’s selection by DHS as the STAMP performer affirms our leadership in the field of static analysis,” said Tim Teitelbaum, CEO of GrammaTech. “We will make existing tools more powerful and accessible so engineers maximise the return on their investment in Static Application Security Testing (SAST).”

STAMP will deliver a significant contribution to the programming community at large. Coders who develop applications in popular languages like C/C++, Java, C#, JavaScript, and Python will benefit from GrammaTech’s work through improved analysis tools that better integrate with commercial software development environments.

Secure Decisions will participate in developing a tool for the comprehensive evaluation of static analysers. This work will build in part on GrammaTech’s BugInjector, a tool that aids in estimating a static analyser’s false negative rate by automatically injecting known bugs into user programs.

www.grammatech.com