GrammaTech VP Dr. Paul Anderson to Present at embedded world 2021 DIGITAL

WHO:

Dr. Paul Anderson, VP of Engineering at GrammaTech (News - Alert), leads product engineering, and is responsible for the company's full product portfolio. He is an expert in regulatory requirements and best practices for assuring software security and safety. He has served as Principal Investigator for SBIR Phase I and Phase II government research contracts for static analysis of machine code, program understanding and code rewriting. Dr. Anderson is a senior member of the Association for Computing Machinery (ACM).

WHAT:

"Finding the Serious Bugs that Matter with Advanced Static Analysis"
Wed, March 3, 2021 @ 4:15 PM

Embedded software that guides vehicle intelligence systems, ADAS, space exploration and guided missiles must be free from safety defects and security vulnerabilities. In this session, Dr. Anderson will explain why conventional static analysis tools being used to ensure compliance with coding standards such as MISRA, OWASP and CERT are unable to detect serious defects. He will discuss the need for a binary analysis that can extract deep, semantic meaning for finding hidden defects and vulnerabilities, and present real-world examples of bugs this approach can detect in production code that has passed style checking, manual review, and testing.

"Finding N-day Security Vulnerabilities in Third-party Software"
Fri., March 5, 2021 @ 2:30 PM

Developers are increasingly turning to commercial off-the-shelf (COTS) components to reduce cost and time to market for new applications and services. This third party code can introduce n-day vulnerabilities (for which a fix is available but hasn't been applied) into applications, as happened with the Apache Struts vulnerability and the Equifax breach. It is difficult to detect since source code is often unavailable for testing. In this session, Dr. Anderson will explain how new Software Composition Analysis tools can identify n-days in binary components. He'll take it under the hood to discuss how SCA uses sets of identification algorithms and machine learning to produce a software bill of materials (SBOM) and cross-check components against vulnerability databases to assess risk.

WHEN:

Wed, March 3, 2021 @ 4:15 PM - "Finding the Serious Bugs that Matter with Advanced Static Analysis"

Fri., March 5, 2021 @ 2:30 PM - "Finding N-day Security Vulnerabilities in Third-party Software"

WHERE:

embedded world 2021 DIGITAL. The embedded world conference is the world's largest gathering of embedded experts who discuss key trends, new developments and solutions. Due to Covid-19, this year's event will be entirely digital and will run from March 1-5, 2021.

HOW:

To register, visit https://www.embedded-world.de/en. To schedule a conversation with Dr. Anderson, contact Marc Gendron at [email protected] or +1 781.237.0341.