
Achieving Industrial Functional Safety with IAR and GrammaTech

This broadcast reviews current functional safety standards including IEC61508, EN50128, ISO26262 and how to execute towards necessary safety requirements. IAR and GrammaTech discuss how security impacts safety, how to make sure you have security in the device and software development lifecycle levels, and ensuring you have the tools needed to follow the growing security standards.
Recorded Jan 20 2021 42 mins
Presented by
Mark Hermeling, GrammaTech; Shawn Prestridge, IAR

  • Software supply chain exploits are exploding–How to proactively prevent threats Recorded: Oct 19 2021 51 mins
    Jim Routh, Former CSO, CISO; Vince Arneja, Chief Product Officer, GrammaTech
    Your software supply chain is increasingly coming under attack - straining your existing cybersecurity measures to detect attacks. Can you exclusively rely on this reactive technology, such as antivirus, firewalls, etc., to keep up with the threats and breaches? We all intuitively know that the software deployed to the employee base is vulnerable and susceptible to attack, but until now there hasn’t been a way to proactively prevent these threats. Jim Routh, a former CISO and CSO at MassMutual, Aetna and CVSHealth, will discuss a risk-based management approach to proactively reduce this threat in your organization.
  • Exposing Software Supply Chain Security Blind Spots Recorded: Sep 15 2021 51 mins
    Michael Sampson, Senior Analyst, Osterman Research; Vince Arneja, Chief Product Officer, GrammaTech
    Research highlights hidden vulnerabilities in commonly used commercial off-the-shelf software applications

    Commercial off-the-shelf (COTS) software includes prevalent use of third-party and open-source components creating a software supply chain security blind spot. The findings in a recent Osterman Research report present a serious weakness in the software supply chain of many widely used COTS software applications. This webinar will share results of the research report and discuss how organizations can take a more proactive approach to ensuring a stronger enterprise-wide cybersecurity posture.

    In this webinar, you will learn:
    • Why vulnerabilities in COTS software applications are a cybersecurity threat
    • 100% of all analyzed applications with open-source components in five common software categories (web browsers, email, file sharing, online meetings and messaging) contained vulnerable open-source components
    • Applications in the meeting and email client categories were the most vulnerable
    • Critical vulnerabilities (CVSS 10.0) were found in 85% of these applications
    • New ways of analyzing COTS software applications to better reduce your attack surface and potential for compromise
  • DevSecOps for Embedded Software Development Recorded: Aug 25 2021 45 mins
    Walter Capitani | Director, Technical Product Management
    Ensuring security and safety from inception to delivery.

    Embedded software supports many critical functions in systems (i.e. industrial, automotive, aerospace, military and defense controls) where failure is not an option. Ensuring quality, security and safety of these systems starts in software development. Establishing a DevSecOps process by integrating and automating static application security testing (SAST) into your software development life cycle (SDLC) is essential to success. With the latest release of CodeSonar, GrammaTech helps development teams as they strive to release code with zero defects.

    In this webinar, you will learn:
    • Why ensuring security and safety must start in code development
    • How to integrate SAST into your CI/CD pipeline to achieve DevSecOps success
    • What new features of CodeSonar will help you:
      o Single unified SAST platform for C, C++, C# and Java
      o Seamless integrations with CI/CD tools – New GitHub and GitLab integration
      o Added security standards mapping for CERT and OWASP
      o Deepest analysis with fewer false positives
      o New built-in reports for safety critical (i.e. AUTOSAR, MISRA, BSA, JPL, etc.) and security
  • Software Supply Chain Security – Ignorance Is No Longer Bliss Recorded: Jun 22 2021 54 mins
    Chris Rommel, Executive Vice President at VDC Research; Vince Arneja, Chief Product Officer at GrammaTech
    The New Cybersecurity Executive Order Explained.

    The recent Cybersecurity Executive Order puts a strong emphasis on improving software supply chain security. With vulnerabilities increasing in software and attack surfaces growing, the new mandate will now require a software bill of materials (SBOM) of all application components including open-source and third-party. Together VDC Research and GrammaTech will discuss the complexities and the growing importance of the software supply chain, explain the Executive Order and provide recommendations and actions you can take today to better address security concerns.

    In this webinar, you will learn about:
    - The current state of the software supply chain and why software is increasingly vulnerable
    - Details of the Cybersecurity Executive Order and how to address software supply chain security
    - A solution for producing a software bill of materials (SBOM) including for third party (binary) code while understanding the vulnerabilities they introduce
  • Failure is Not an Option: Best Practices in Mission-Critical System Development Recorded: Jun 8 2021 65 mins
    AFuzion – Vance Hilderman; Lynx Software Technologies – Ian Ferguson; GrammaTech, Inc. – Walter Capitani
    Tuesday, June 8 @ 10am ET

    It is clear that in the next few years, we will start to see a range of new autonomous and eVTOL flying craft, both commercial and military, supporting applications such as passenger transport, package delivery and infrastructure inspection. The tight space, cost and power constraints place significant challenges on system architects to create platforms which are safe, secure and certifiable. These mission-critical systems must work deterministically as intended all the time. This webinar, supported by AFuzion, GrammaTech and Lynx Software Technologies, will focus on delivering that determinism for the development process, the software being deployed and how that software executes.

    System architects will learn about
    - Critical aspects for software determinism; Ensuring software performs as intended while meeting adherence to software standards, with emphasis on cyber security and static code analysis
    - Determinism of software execution; Reviewing time/space partitioning techniques to avoid multicore processor interference
    - Best practices for a deterministic development process; Meeting certification standards for Cyber and Software Engineering optimally with evidence
  • DevSecOps – Detecting 0-day and N-day Vulnerabilities, Everyday. Recorded: May 10 2021 28 mins
    Walter Capitani | Director, Technical Product Management
    The software development industry is in the midst of a shift to integrating security into the software development process - this is often referred to as DevSecOps, the combination of Development, Security and Operations.
  • Diving Into DevOps in 2021 Recorded: Apr 13 2021 53 mins
    Vince Arneja, GrammaTech; Dan Beauregard, ZeroNorth; Asanka Abeysinghe, WSO2, Inc.; Mary Grygleski, IBM
    Analysts are predicting that throughout 2021, we will continue to see the human element of DevOps shining through. Other predictions forecast that the role of AI and AIOps in DevOps teams will become more prominent and that DevOps will take a larger role in enterprise Digital Transformation efforts.

    As DevOps teams continue to grow and adapt to trends and changes that have emerged from the pandemic, it’s important to take a closer look at these changes and trends.

    Join this panel to learn what the emerging trends around DevOps are, and to hear best practices about how DevOps teams can continue to collaborate and thrive when dealing with new and increased pressures.
    Topics of discussion will include:
    - Key learnings DevOps teams have experienced from the events of 2021
    - What the future for DevOps teams may look like, and how it can help businesses innovate
    - The most prominent trends impacting DevOps teams and ways of working in 2021, from AIOps to new toolchains
    - And more
  • Safety and Security Critical Software: Start with the End in Mind Recorded: Feb 16 2021 67 mins
    Dr. Marcel Beemster, CTO of Solid Sands and Mark Hermeling, VP of Worldwide Sales @ GrammaTech
    Software development is hard work. Developing C or C++ software that has to be safe and secure is even more difficult. How do you ensure that your end-product behaves the way that you intend it to? As a first step, automated testing is really important. Though necessary, it is not sufficient as testing is limited by definition. There are other fault vectors to consider.

    The first line of defense in functional safety is typically your coding standard. These standards ensure that the team writes easy-to-understand, easy-to-maintain code. The next line of defense is dynamic testing, which checks whether the system behaves correctly given a set of inputs. However, again, while necessary, this is not sufficient. There are often many paths through the system that your dynamic testing has not considered and that can lead to errors such as buffer overruns or type overruns. These are hard-to-find problems and can lead to system failure.

    Static analysis is a technology that can help locate these types of errors early in the development cycle, thereby saving time and money.

    One more, sometimes overlooked, fault vector is the compiler: it is the one tool that is responsible for translating all of your source to the target processor. One error in this extremely complex tool can have an unpredictable effect on the application.

    This is even more important in the age of DevSecOps, in which code is always in a state ready to be released. You need to know that your compiler is up to the task. A compiler validation suite makes sure that you know how your compiler behaves. No compiler is perfect, which is why it is important to know about its weaknesses.

    In this webinar Solid Sands and GrammaTech will cover these particular fault vectors and help you cover off these areas, which are often blind spots for software development teams.
  • Binaries - The Hidden Side of Software Composition Analysis (SCA) Recorded: Feb 4 2021 54 mins
    Sandy Carielli, Principal Analyst at Forrester & Vince Arneja, CPO at GrammaTech
    "The Hidden Side of Software Composition Analysis (SCA) – When Source Code is Unavailable"

    Many SCA solutions require source code for their bill-of-materials and vulnerability analysis. However, source code is not always available for much of the supply chain you use in your applications. This third-party content is often delivered as binaries and includes re-used open source or commercial components, many of which have known vulnerabilities that may be unknown to you. Getting a complete software bill-of-materials to fully understand your security exposure is becoming critical.

    In this on demand webinar:
    • Learn how these hidden vulnerabilities can cause major security headaches
    • Discover how a new class of SCA products has emerged to meet this challenge
    • Hear success stories from GrammaTech and best practices from Forrester on how to implement binary SCA
  • Why Realizing Safe, Secure Software Requires Building on Strong Foundations Recorded: Jan 20 2021
    Mark Hermeling, GrammaTech
    The challenge of designing safe and secure software systems has never been greater. The emergence of increasingly complex cyber-physical systems, such as autonomous vehicles, demands that software be developed to the highest standards possible. Conventional software engineering practices are based on weak foundations that cannot deliver the basic rigor necessary to realize safe, secure systems.

    In this broadcast, learn how combining model driven analytical software development with static analysis provides the means to handle the increase in complexity and rapidly build robust, reliable and resilient cyber-physical systems based on strong foundations.
  • Combining SAST, Lean, Shift Left, DevSecOps Recorded: Jan 20 2021 45 mins
    Mark Hermeling, GrammaTech
    Wondering what you can do to maximize the efficiency of your software development teams? Watch our webinar to see how you can combine static analysis with concepts from Shift Left, Lean and DevSecOps to empower your software developers. We will look at more than ‘defect detection’ and focus on flexible workflows that allow developers to focus on their deliverables and integrate static analysis into their workflows without overhead.

    Whether you use GitHub, GitLab, raw git, SVN, RCS, ClearCase, TFS, Top, or any other tool, this broadcast will help you understand where static analysis fits in your workflow and how CodeSonar can be used to integrate into our CI/CD pipelines.

    The result: Better code quality, increased safety and security and satisfied developers.
  • Right Tool, Right Methodology: Developing Safety and Security Critical Systems Recorded: Jan 20 2021 46 mins
    Mark Hermeling, GrammaTech; Vance Hilderman, AFuzion
    Recently GrammaTech and AFuzion presented solutions to these questions:
    • Are you prepared enough in your knowledge of Safety-Critical or DO-178C to be “experts in the subject”?
    • Have you considered Cyber-Security/ DO-326A and its impact on your software?
    • Are you receiving RFPs that have a requirement to adhere to coding standards?
    • Are you currently doing manual peer review of code?
    • Does your static analysis check coding standards and detect bugs?
    • Do you need to analyze software of unknown provenance?

    GrammaTech’s CodeSonar for static analysis will help you find more defects in your code faster. AFuzion will show you the gaps in your Safety-Critical methodology and train you to harness the talent of your team - so you can get down to the business of releasing cutting-edge DoD-certified technology sooner, with peace of mind.
  • Tools to Perform a Security Review on Unknown Code with Imagix Recorded: Jan 20 2021 47 mins
    Mark Hermeling - GrammaTech, John Blattner - Imagix
    Performing a deep security review on third-party code is hard. You typically receive a bunch of source code, no design documents, and very few comments in the source code. Still, you have to do an assessment of the code and provide a risk score. Where do you get started?

    In this broadcast we show you how GrammaTech and Imagix can help. GrammaTech CodeSonar can perform deep static application security testing on the source code. The result is a set of warnings of things that may be risky. Still, to understand whether a problem, say a buffer overrun, is externally triggerable, you would need to understand the design of the application. This is where Imagix comes in: it can overlay the path of the static analysis warning over a design that is reverse engineered from the source code. And that is just one of the many tricks.
  • Functional Safety Certification with Exida and GrammaTech Recorded: Jan 20 2021 34 mins
    Mark Hermeling, Sr Director of Worldwide Sales at GrammaTech; Dave Butler, Engineer at Exida; Ted Stewart, Program Dev at Exida
    At GrammaTech, we specialize in helping customers improve their software development processes. Many of our customers work with software that has to be certified to certain levels of functional safety, and we receive many questions on the ins-and-outs of functional safety. With our recent functional safety certification through Exida in IEC 61508, ISO 26262 and CENELEC EN 50128, we thought it would be beneficial to invite members of Exida's team to discuss the most frequently asked questions we receive.

    We hope this discussion will enlighten you and your team in how you approach functional safety and functional safety certification.
  • Achieving Industrial Functional Safety with IAR and GrammaTech Recorded: Jan 20 2021 42 mins
    Mark Hermeling, GrammaTech; Shawn Prestridge, IAR
    This broadcast reviews current functional safety standards including IEC61508, EN50128, ISO26262 and how to execute towards necessary safety requirements. IAR and GrammaTech discuss how security impacts safety, how to make sure you have security in the device and software development lifecycle levels, and ensuring you have the tools needed to follow the growing security standards.
  • A Demonstration on CodeSonar to Reduce Cost and Time in Software Development Recorded: Jan 20 2021 58 mins
    Mark Hermeling, Sr Director of Worldwide Sales; Matthew Tkac, Chief Engineer at CS Group
    Strong software development teams have a well-defined process and are supported by a strong tooling environment. CS Group USA and GrammaTech highlight in this webinar how CS Group’s LEAFS can be used in combination with GrammaTech’s CodeSonar to automate the process and help software developers efficiently deliver high quality code that needs to align to functional safety standards.

    View this webinar if you are building software that needs to adhere to functional safety standards and learn how you can further optimize your processes.
Improve Software Safety and Security
GrammaTech is a leading global provider of software analysis and testing solutions used by the world's most security conscious organizations to detect, measure, analyze and resolve security and safety vulnerabilities. The company is also a trusted cybersecurity research partner for the nation’s civil, defense, and intelligence communities.

  • Title: Achieving Industrial Functional Safety with IAR and GrammaTech
  • Live at: Jan 20 2021 8:45 pm
  • Presented by: Mark Hermeling, GrammaTech; Shawn Prestridge, IAR