The Advantages of Hybrid Source and Binary Static Analysis

GrammaTech, Inc

GrammaTech brought unique binary code analysis to the market in 2013. Before then, the only option for binary analysis was to ship your code to specialists who would analyze it and send it back to you with a list of problems. Bringing a commercial binary analysis tool to the market enabled our customers to keep their code in-house and factor binary-only code (such as linked libraries and other third-party code) into safety and security from the beginning of development. Within CodeSonar, binary and source analysis can be done simultaneously on a development project, and the resulting hybrid mode analysis (we call it "mixed mode" at GrammaTech) has many advantages over source-only analysis.

CodeSonar offers the first and only commercially-available binary code analysis product on the market.

For when you don't have access to source code – use Codesonar's groundbreaking binary analysis technology to find bugs and vulnerabilities in binary executables and third-party libraries delivered to you only in binary form.

Unlike other binary code analysis services that require uploading code in order to be analyzed, CodeSonar can be employed on-site, allowing customers to keep their software securely in their own hands. Binary code analysis is available in CodeSonar in two forms: as a standalone analysis tool and integrated with CodeSonar's source code engine.

Find Defects in Third-Party Code

According to VDC Research, a large amount of software that runs embedded devices is now developed by external sources, not in-house development teams. Some of this is open-source, but for third-party commercial software, the source is often unavailable. Because GrammaTech’s binary analysis technology doesn’t rely on debugging or symbol-table information, it can examine the stripped binary executables that third-party software vendors typically ship. With this capability, the technology enables you to perform a security audit on software without any cooperation from the vendor. In CodeSonar's unique Mixed Mode, our binary code analysis technology is integrated with our source code analysis technology, allowing you to analyze third-party libraries at the same time as you analyze your own code. Analyzing application source code together with binary code also enables CodeSonar with the ability to understand how the application interacts with the libaries. This yields more true results and fewer false positives.

531 Esty St., Ithaca, NY 14850