Over the last few years, third-party code has moved from a minor factor in software development to a dominant force in the industry. It is now used throughout software development in all applications, from highly sensitive government and military applications to security-intensive consumer commerce and communications.

As a result of this outsourcing, the behaviours of significant parts of applications are actually hidden from most of today’s popular code analysis tools. Because third-party software is commonly delivered only in executable form, it cannot be examined with commercially available static source code analysis tools. Without access to the source code, these tools cannot fully account for the security consequences of executing the third-party code in the application.

Based on over 10 years of research, GrammaTech has developed an advanced new capability, CodeSonar for Binaries that uses binary analysis to examine third-party code without requiring access to source code.