GrammaTech Integrates C-Decompiler with Static Analysis for Native Binaries



Security engineers performing vulnerability assessments have an exciting new capability to measure security risk in native binaries. GrammaTech, a leading provider of software assurance tools and cybersecurity solutions, today announced availability of CodeSonar® 5, with enhanced support for static analysis of native binaries.

CodeSonar®’s binary analysis capability allows security engineers to perform vulnerability assessments on applications implemented as native binaries even if they lack debug information or source code. These types of applications are often found in security sensitive, internet accessible systems such as industrial controllers, point-of-sale systems, and Internet of Things devices, but also automotive and critical infrastructure devices managing power or water resources.

The recently released CodeSonar® 5 enhances the static analysis tool's binary analysis capabilities with a built-in C Decompiler. This enables security engineers to consult familiar C syntax side-by-side with warnings identified in machine code, and makes it much easier and faster to score the warnings with rankings such as the CVSS (Common Vulnerability Scoring System) as part of a Vulnerability Assessment (VA). Vulnerability Assessment is one of the steps in a Vulnerability Management Framework, which is one of the best practices recommended by policies including the Payment Card Industry Data Security Standard (PCI DSS), the US Federal Information Security Management Act (FISMA), and ISO 27001.

“Most software teams perform cyber security assessments during software development,” says Mark Hermeling, Senior Director of Product Marketing at GrammaTech, Inc. “CodeSonar® for Binaries is different as it allows the same assessment to be applied to the final binary without requiring source code. This is a great additional tool in the toolbox of cyber security teams that are investigating security and safety critical devices.”

The update is available as a free upgrade to all licensed customers under active support and maintenance contracts. A 30-day free trial of CodeSonar® 5 is also available at

DFARS 252.235-7010 Acknowledgement of Sponsorship: This material is based upon work supported by the Office of Naval Research under Contract No. N68335-17-C-0454. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the AFRL.

About GrammaTech:

GrammaTech's advanced static analysis tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally developed within Cornell University, GrammaTech is now a leading research center for software security and a commercial vendor of software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis tools that analyze source code as well as binary executables, GrammaTech continues to advance the science of superior software analysis, providing technology for developers to produce safer software. For more information, visit or follow us on LinkedIn.

CodeSonar® is a registered trademark of GrammaTech.

Want to see it in action?

Check out our demonstration video here.