
GrammaTech is a software-development tools vendor based in Bethesda, Maryland, with a research center based in Ithaca, New York. The company was founded in 1988 as a technology spin-off of Cornell University. GrammaTech is a provider of application security testing products (static application security testing, Software Composition Analysis) and software research services.


Products

CodeSonar is a source code and binary code static analysis tool that performs a whole-program, interprocedural analysis on C, C++, C#, Java, and binary executables. It identifies programming bugs and security vulnerabilities in software. CodeSonar is used in the Defense/Aerospace, Medical, Industrial Control, Electronic, Telecom/Datacom and Transportation industries. The U.S. Food and Drug Administration (FDA) Center for Devices and Radiological Health uses it to detect defects in fielded medical devices. The U.S. National Highway Traffic Safety Administration (NHTSA) and NASA used it in their Study on Sudden Unintended Acceleration in the electronic throttle control systems of Toyota vehicles.

CodeSentry is derived from GrammaTech’s binary code analysis research. This technology performs deep analysis of object, library and executable files without the need for source code in order to identify known software security vulnerabilities. Binary analysis is an efficient method for software composition analysis with high precision and recall results and fewer false positives.


Research

GrammaTech's research division undertakes projects for private contractors, including several U.S. government agencies, such as NASA, the NSF, and many branches of the Department of Defense. GrammaTech's research is focused on both static analysis and dynamic analysis, on both source code and binaries. GrammaTech participated in DARPA's 2016 Cyber Grand Challenge and came in 2nd place, earning $1 million as Team TECHx. GrammaTech led Team TECHx, a collaboration with the University of Virginia, using their co-developed cyber-reasoning system called Xandra.


History

GrammaTech is a 1988 spin-off from Cornell University, where its founders had developed an early integrated development environment in 1978 (the Cornell Program Synthesizer) and a system for generating language-based environments from attribute-grammar specifications in 1982 (the Synthesizer Generator). Commercial systems that have been implemented using the Synthesizer Generator include ORA's Ada verification system (Penelope), Terma's Rigorous Approach to Industrial Software Engineering (Raise), and Loral's checker of the SPC Quality and Style Guidelines for Ada. GrammaTech co-founders Tom Reps and Tim Teitelbaum received the 2010 ACM SIGSOFT Retrospective Impact Award for their work on the Synthesizer Generator.

GrammaTech commercialized the Wisconsin Program-Slicing Tool as CodeSurfer for C and C++ in 1999. CodeSonar for C and C++, a static analysis tool, has been available since 2005. GrammaTech co-founder Reps and two other company affiliates shared in a 2011 ACM SIGSOFT Retrospective Impact Award for their paper describing the Wisconsin slicing research.

GrammaTech and the University of Wisconsin have been collaborating since 2001 to develop analysis, reverse-engineering, and anti-tamper tools for binary executables. Byproducts of this research are CodeSurfer/x86 (a version of CodeSurfer for the Intel x86 instruction set), CodeSonar/x86 (a bug and vulnerability finding tool for stripped executables), and an approach to creating such systems automatically from formal semantic descriptions of arbitrary instruction set architectures. This research was later commercialized into CodeSonar for Binaries and CodeSentry, a software composition analysis tool. In 2019, GrammaTech was acquired by Five Points Capital.

