MISRA C:2012 Rule 1.3 and the Dark Underbelly of C and C++

MISRA C is a set of guidelines for the safe use of the C programming language, mainly targeted at its use in safety-critical...

How Sound Static Analysis Complements Heuristic Analysis

Not all static analysis tools work the same way; there is in fact a spectrum of tools that use a variety of techniques ranging...

CodeSonar’s Integration with Microsoft Visual Studio

Microsoft Visual Studio continues, at 21 years old, to be a dominant integrated development environment (IDE) for developers...

Static Analysis Results: A Format and a Protocol: SARIF & SASP

Introduction

Static analysis tools are now very widely used in industry, academia, and open-source, so there is an...

Detecting the Beep Vulnerability with CodeSonar

The Linux beep utility is a small command that literally sends a tone to the user’s speaker. A subtle error in the...