
Leading Software Expert will Discuss the Role of Application Security Testing and Software Composition Analysis in Protecting the Digital Supply Chain

BETHESDA, Md.–(BUSINESS WIRE)–#Appsec–GrammaTech, a leading provider of application security testing products and software research services, today announced that its VP of Engineering Dr. Paul Anderson will present two sessions at embedded world 2021 DIGITAL, the world’s largest conference on embedded technologies and trends.


Dr. Paul Anderson, VP of Engineering at GrammaTech, leads product engineering, and is responsible for the company’s full product portfolio. He is an expert in regulatory requirements and best practices for assuring software security and safety. He has served as Principal Investigator for SBIR Phase I and Phase II government research contracts for static analysis of machine code, program understanding and code rewriting. Dr. Anderson is a senior member of the Association for Computing Machinery (ACM).





“Finding the Serious Bugs that Matter with Advanced Static Analysis”

Wed, March 3, 2021 @ 4:15 PM




Embedded software that guides vehicle intelligence systems, ADAS, space exploration and guided missiles must be free from safety defects and security vulnerabilities. In this session, Dr. Anderson will explain why conventional static analysis tools being used to ensure compliance with coding standards such as MISRA, OWASP and CERT are unable to detect serious defects. He will discuss the need for a binary analysis that can extract deep, semantic meaning for finding hidden defects and vulnerabilities, and present real-world examples of bugs this approach can detect in production code that has passed style checking, manual review, and testing.




“Finding N-day Security Vulnerabilities in Third-party Software”

Fri., March 5, 2021 @ 2:30 PM



Developers are increasingly turning to commercial off-the-shelf (COTS) components to reduce cost and time to market for new applications and services. This third-party code can introduce n-day vulnerabilities (for which a fix is available but hasn’t been applied) into applications, as happened with the Apache Struts vulnerability and the Equifax breach. These vulnerabilities are difficult to detect because source code is often unavailable for testing. In this session, Dr. Anderson will explain how new Software Composition Analysis (SCA) tools can identify n-days in binary components. He will go under the hood to discuss how SCA uses sets of identification algorithms and machine learning to produce a software bill of materials (SBOM) and cross-check components against vulnerability databases to assess risk.








embedded world 2021 DIGITAL. The embedded world conference is the world’s largest gathering of embedded experts who discuss key trends, new developments and solutions. Due to Covid-19, this year’s event will be entirely digital and will run from March 1-5, 2021.




To register, visit To schedule a conversation with Dr. Anderson, contact Marc Gendron at [email protected] or +1 781.237.0341.

About embedded world 2021 DIGITAL

By experts for experts: The embedded world 2021 DIGITAL is where specialists gather to share knowledge. International exhibitors from around the world will present their products, new developments and solutions on the Internet-of-Things, hardware, software and systems engineering, safety and security, system-on-chip design, embedded vision, human-machine interaction, wired and wireless data transfer and autonomous systems. For more information, visit the conference website at, and follow on Twitter, LinkedIn, and Facebook. Use hashtags #ew21 and #ew21DIGITAL.

About GrammaTech

GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security-conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda, MD, with a Research and Development Center in Ithaca, NY. Visit us at, and follow us on LinkedIn and Twitter.

CodeSonar® is a registered trademark of GrammaTech, Inc.




Marc Gendron PR for GrammaTech


[email protected]
