GrammaTech, Inc., a leading developer of commercial embedded software assurance tools and advanced cybersecurity solutions, announced today that the Department of Homeland Security (DHS) has awarded it $3.5M to continue into the next 12-month phase of the Static Analysis Tools Modernization Project (STAMP). The goal of the project is to modernize open-source static analysis tools, which are used by developers to detect cyber vulnerabilities in software systems. GrammaTech will perform the work together with its subcontractor Secure Decisions of Northport, NY.
GrammaTech’s vision for this modernization is to:
- Enhance and develop open standards that allow static analyzers to be seamlessly integrated with software development tools and workflows.
- Use machine learning to expand the set of checks covered by static analyzers, and to aid in triage of the false positives inherent in the use of static analysis.
- Develop real-world test cases using bug injection technology that make it easier to evaluate static analysis tools.
“GrammaTech’s selection by DHS as the STAMP performer affirms our leadership in the field of static analysis,” said Tim Teitelbaum, CEO of GrammaTech. “We will make existing tools more powerful and accessible so engineers maximize the return on their investment in Static Application Security Testing (SAST).”
STAMP will deliver a significant contribution to the programming community at large. Coders who develop applications in popular languages like C/C++, Java, C#, JavaScript, and Python will benefit from GrammaTech’s work through improved analysis tools that better integrate with commercial software development environments.
Secure Decisions will participate in developing a tool for the comprehensive evaluation of static analyzers. This work will build in part on GrammaTech’s BugInjector, a tool that aids in estimating a static analyzer’s false negative rate by automatically injecting known bugs into user programs.