DOCSLIB.ORG

Product Datasheet Codesonar

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Product Datasheet Codesonar CODESONAR PRODUCT DATASHEET Static Analysis and Static Application Security Testing “CodeSonar does a better job of CodeSonar empowers teams to quickly analyze and validate the code – source and/or binary – finding the more serious problems, identifying serious vulnerabilities or bugs that cause system failures, poor reliability, system which are often buried deep in the breaches, or unsafe conditions. code and sometimes hidden by unusual programming constructs that CodeSonar finds more significant defects than other tools, through our innovations in are hard for other static-analysis tools concurrency analysis, tainted dataflow analysis, and comprehensive checkers. to parse.” – GE Aviation Enjoy the Benefits of the Deepest Static Analysis “We were impressed by the depth of Employ Sophisticated Algorithms Analyze Millions of Lines of Code CodeSonar’s analysis.” CodeSonar performs a unified dataflow and CodeSonar can perform a whole-program – Vivante symbolic execution analysis that examines the analysis on 10M+ lines of code. Once an initial computation of the entire program. The baseline analysis has been performed, approach does not rely on pattern matching or CodeSonar’s incremental analysis capability similar approximations. CodeSonar’s deeper makes it fast to analyze daily changes to your “The automated analysis provides a analysis naturally finds defects with new or codebase. The anlaysis can run in parallel to take huge amount of leverage in a unusual patterns. best advantage of multi-core environments. cost-effective way.” – Boston Scientific Comply with Coding Standards Analyze Third-Party Code CodeSonar supports compliance with standards CodeSonar’s Integrated Binary Analysis finds like MISRA C:2012, IS0-26262, DO-178B, security vulnerabilities from libraries or other US-CERT’s Build Security In, and MITRE’S CWE. third-party code without access to source code. “We tried the leading static-analysis tools. CodeSonar performed the deepest analysis and provided the most useful information.” Improve Your Efficiency – Adaptive Digital Systems Collaborate with Teams Software Architecture Visualization Automation features enable large teams to work Visualizing your code makes it easy to uncover together in a coordinated way. For example, it’s and understand relationships between different “Especially good at inter-procedural easy to manage warnings across different project elements in the code. Visual Taint Analysis allows versions or development branches. A Python API you to quickly spot the source of potentially analysis. It can be slow on large code supports customization & integration with other dangerous information flows. bases, but is quite thorough and tools. accurate. Highly recommended.” Reduce the Cost of Development – Gerard Holzmann View Quality Trends Identifying and eliminating defects throughout SPIN Model Checker Creator Graphs display data to help you manage the development cycle will help you ship on-time development and testing efforts. without business risks and liabilities. “In the last six years, we assessed and used several static-analysis tools. We Customize Your Analysis assessed CodeSonar and we decided Custom Checks Custom Metrics to purchase it because it gives New checks can be created easily with the Out of the box, CodeSonar can compute N valuable results easily and quickly.” included C API. Many built-in checks can be different code metrics. You can also use the API – Électricité de France configured according to local requirements. to define custom metrics. CODESONAR® System Requirements Supported languages Code Analysis for Zero-Tolerance Defect Environments C C++ Java Binaries Supported platforms Windows Linux Solaris Machine requirements See quality trends by comparing analysis runs. Find 2 GHz CPU out what types of defects are being introduced. 2 GB of RAM* 15+ GB of free disk space Supported compilers Apple xcode ARM RealView CodeWarrior GCC G++ Green Hills HI-TECH Understand your code with GrammaTech’s IAR See the path to each flaw and how it can occur. award-winning software architecture visualization. Intel C/C++ MS Visual Studio Renesas Some of the Checks Technical Highlights Sun C/C++ Texas Instruments Security Vulnerabilities Reliability Issues Symbolic execution engine CodeComposer Buffer Overrun Data Race Scalable Wind River Uninitialized Variable Deadlock Incremental analysis capability Most other compilers easily Free Non-Heap Variable Null-Pointer Dereference Browser-based user interface supported Use After Free Division by Zero Management reports Double Free/Close Double Close Extensible analysis engine Output formats Format String Vulnerability Dangerous Function Cast Integrates with other tools HTML Return Pointer to Local Resource Leak Easy setup requires no changes XML to build environment Text (plain text and CSV) *Requirements to run in serial mode. Free Trial Parallel mode requires 512MB plus 512MB (and one core) per process. GrammaTech provides a cost-free means to evaluate CodeSonar on your own code so you can compare the results with those reported by other vendors. Request an evaluation copy at http://www.grammatech.com/free-trial About GrammaTech GrammaTech’s tools are used by software developers worldwide, spanning a myriad of embedded software industries including avionics, government, medical, military, industrial control, and other applications where reliability and security are paramount. Originally spun out of Cornell’s computer science labs, FOR MORE INFORMATION GrammaTech is now both a leading research center for software security and a commercial vendor of www.grammatech.com software-assurance tools and advanced cyber-security solutions. With both static and dynamic analysis U.S. SALES 888-695-2668 tools that analyze source code as well as binary executables, GrammaTech continues to advance the INTERNATIONAL SALES +1-607-273-7340 EMAIL [email protected] science of superior software analysis, providing technology for developers to produce safer software. CodeSonar is a registered trademark of GrammaTech, Inc..
Load more

Recommended publications
  • Datalog Disassembly
    Datalog Disassembly Antonio Flores-Montoya Eric Schulte GrammaTech, Inc. GrammaTech, Inc. [email protected] [email protected] Abstract Instruction boundaries Recovering where instructions start and end can be challenging especially in architectures Disassembly is fundamental to binary analysis and rewrit- such as x64 that have variable length instructions, dense ing. We present a novel disassembly technique that takes a instruction sets1, and sometimes interleave code and data. stripped binary and produces reassembleable assembly code. This problem is also referred as content classification. The resulting assembly code has accurate symbolic informa- Symbolization information In binaries, there is no distinc- tion, providing cross-references for analysis and to enable ad- tion between a number that represents a literal and a justment of code and data pointers to accommodate rewriting. reference that points to a location in the code or data. If Our technique features multiple static analyses and heuris- we modify a binary—e.g., by moving a block of code— tics in a combined Datalog implementation. We argue that all references pointing to that block, and to all of the Datalog’s inference process is particularly well suited for dis- subsequently shifted blocks, have to be updated. On the assembly and the required analyses. Our implementation and other hand, literals, even if they coincide with the address experiments support this claim. We have implemented our ap- of a block, have to remain unchanged. This problem is proach into an open-source tool called Ddisasm. In extensive also referred to as Literal Reference Disambiguation. experiments in which we rewrite thousands of x64 binaries We have developed a disassembler that infers precise infor- we find Ddisasm is both faster and more accurate than the mation for both questions and thus generates reassembleable current state-of-the-art binary reassembling tool, Ramblr.
    [Show full text]
  • Undefined Behaviour in the C Language
    FAKULTA INFORMATIKY, MASARYKOVA UNIVERZITA Undefined Behaviour in the C Language BAKALÁŘSKÁ PRÁCE Tobiáš Kamenický Brno, květen 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Vedoucí práce: RNDr. Adam Rambousek ii Acknowledgements I am very grateful to my supervisor Miroslav Franc for his guidance, invaluable help and feedback throughout the work on this thesis. iii Summary This bachelor’s thesis deals with the concept of undefined behavior and its aspects. It explains some specific undefined behaviors extracted from the C standard and provides each with a detailed description from the view of a programmer and a tester. It summarizes the possibilities to prevent and to test these undefined behaviors. To achieve that, some compilers and tools are introduced and further described. The thesis contains a set of example programs to ease the understanding of the discussed undefined behaviors. Keywords undefined behavior, C, testing, detection, secure coding, analysis tools, standard, programming language iv Table of Contents Declaration ................................................................................................................................ ii Acknowledgements .................................................................................................................. iii Summary .................................................................................................................................
    [Show full text]
  • Codesonar the SAST Platform for Devsecops
    DATASHEET CodeSonar The SAST Platform for DevSecOps Accelerate Application Security Software teams are under constant pressure to deliver more content with higher complexity, in shorter timeframes, with increased quality and security. Static Application Security Testing is a proven best practice to help software teams deliver the best code in the shortest timeframe. GrammaTech has been a leader in this field for over 15 years with CodeSonar delivering multi-language SAST capabilities for enterprises where software quality and software security matter. DevSecOps - Speed and Scale Language Support Software developers need rapid feedback on security CodeSonar supports many popular languages, including vulnerabilities in their code. CodeSonar can be integrated into C/C++, Java, C# and Android, as well as support for native software development environments, works unobtrusively to binaries in Intel, Arm and PowerPC instruction set architectures. the developer and provides rapid feedback. CodeSonar also supports OASIS SARIF, for exchange of information with other tools in the DevSecOps environment. Examples of Defects Detected • Buffer over- and underruns • Cast and conversion problems • Command injection • Copy-paste error • Concurrency • Ignored return value • Memory leak • Tainted data • Null pointer dereference • Dangerous function • Unused parameter / value And hundreds more Security Quality Privacy Broad coverage of security vulnerabilities, Integration into DevSecOps to improve Checkers that detect performance including OWASP Top10, SANS/CWE 25. quality of the code and developer impacts such as unnecessary test for Support for third party applications efficiency. Find code quality and nullness, creation of redundant objects or through byte code analysis. performance issues at speed. superfluous memory writes. Team Support Built In CodeSonar is designed to support large teams.
    [Show full text]
  • Grammatech Codesonar Product Datasheet
    GRAMMATECH CODESONAR PRODUCT DATASHEET Static Code Analysis and Static Application Security Testing Software Assurance Services Delivered by a senior software CodeSonar empowers teams to quickly analyze and validate the code – source and/or binary – engineer, the software assurance identifying serious defects or bugs that cause cyber vulnerabilities, system failures, poor services focus on automating reliability, or unsafe conditions. reporting on your software quality, creating an improvement plan and GrammaTech’s Software Assurance Services provide the benets of CodeSonar to your team in measuring your progress against that an accelerated timeline and ensures that you make the best use of SCA and SAST. plan. This provides your teams with reliable, fast, actionable data. GrammaTech will manage the static Enjoy the Benets of the Deepest Static Analysis analysis engine on your premises for you, such that your resources can Employ Sophisticated Algorithms Comply with Coding Standards focus on developing software. The following activities are covered: CodeSonar performs a unied dataow and CodeSonar supports compliance with standards symbolic execution analysis that examines the like MISRA C:2012, IS0-26262, DO-178B, Integration in your release process computation of the entire program. The US-CERT’s Build Security In, and MITRE’S CWE. Integration in check-in process approach does not rely on pattern matching or similar approximations. CodeSonar’s deeper Automatic assignment of defects analysis naturally nds defects with new or Reduction of parse errors unusual patterns. Review of warnings Analyze Millions of Lines of Code Optimization of conguration CodeSonar can perform a whole-program Improvement plan and tracking analysis on 10M+ lines of code.
    [Show full text]
  • Codesonar for C# Datasheet
    DATASHEET CodeSonar C# SAST when Safety and Security Matter Accelerate Application Security Software teams are under constant pressure to deliver more content with higher complexity, in shorter timeframes, with increased quality and security. Static Application Security Testing is a proven best practice to help software teams deliver the best code in the shortest timeframe. GrammaTech has been a leader in this field for over 15 years with CodeSonar delivering C# multi-language SAST capabilities for enterprises where software quality and software security matter. DevSecOps - Speed and Scale Abstract Interpretation Software developers need rapid feedback on security GrammaTech SAST tools use the concept of abstract vulnerabilities in their work artifacts. CodeSonar can be interpretation to statically examine all the paths through the integrated into software development environments, can work application and understand the values of variables and how they unobtrusively to the developer and provide rapid feedback. impact program state. Abstract interpretation gives CodeSonar for C# the highest scores in vulnerability benchmarks. Security Quality Privacy Broad coverage of security vulnerabilities, Integration into DevSecOps to improve Checkers that detect performance including OWASP Top10, SANS/CWE 25. quality of the code and developer impacts such as unnecessary test for Support for third party applications efficiency. Find code quality and nullness, creation of redundant objects or through byte code analysis. performance issues at speed. superfluous memory writes. Use Cases Enterprise customers are using C# in their internal applications, either in-house built, or built by a third-party. Static analysis is needed to to improve security and quality to drive business continuity. Mobile and Client customers are using C# on end-points, sometimes in an internet-of-things deployment, or to provide information to mobile users.
    [Show full text]
  • Malware Detection Advances in Information Security
    Malware Detection Advances in Information Security Sushil Jajodia Consulting Editor Center for Secure Information Systems George Mason University Fairfax, VA 22030-4444 email: ja jodia @ smu.edu The goals of the Springer International Series on ADVANCES IN INFORMATION SECURITY are, one, to establish the state of the art of, and set the course for future research in information security and, two, to serve as a central reference source for advanced and timely topics in information security research and development. The scope of this series includes all aspects of computer and network security and related areas such as fault tolerance and software assurance. ADVANCES IN INFORMATION SECURITY aims to publish thorough and cohesive overviews of specific topics in information security, as well as works that are larger in scope or that contain more detailed background information than can be accommodated in shorter survey articles. The series also serves as a forum for topics that may not have reached a level of maturity to warrant a comprehensive textbook treatment. Researchers, as well as developers, are encouraged to contact Professor Sushil Jajodia with ideas for books under this series. Additional titles in the series: ELECTRONIC POSTAGE SYSTEMS: Technology, Security, Economics by Gerrit Bleumer; ISBN: 978-0-387-29313-2 MULTIVARIATE PUBLIC KEY CRYPTOSYSTEMS by Jintai Ding, Jason E. Gower and Dieter Schmidt; ISBN-13: 978-0-378-32229-2 UNDERSTANDING INTRUSION DETECTION THROUGH VISUALIZATION by Stefan Axelsson; ISBN-10: 0-387-27634-3 QUALITY OF PROTECTION: Security Measurements and Metrics by Dieter Gollmann, Fabio Massacci and Artsiom Yautsiukhin; ISBN-10; 0-387-29016-8 COMPUTER VIRUSES AND MALWARE by John Aycock; ISBN-10: 0-387-30236-0 HOP INTEGRITY IN THE INTERNET by Chin-Tser Huang and Mohamed G.
    [Show full text]
  • Software Vulnerabilities Principles, Exploitability, Detection and Mitigation
    Software vulnerabilities principles, exploitability, detection and mitigation Laurent Mounier and Marie-Laure Potet Verimag/Université Grenoble Alpes GDR Sécurité – Cyber in Saclay (Winter School in CyberSecurity) February 2021 Software vulnerabilities . are everywhere . and keep going . 2 / 35 Outline Software vulnerabilities (what & why ?) Programming languages (security) issues Exploiting a sofwtare vulnerability Software vulnerabilities mitigation Conclusion Example 1: password authentication Is this code “secure” ? boolean verify (char[] input, char[] passwd , byte len) { // No more than triesLeft attempts if (triesLeft < 0) return false ; // no authentication // Main comparison for (short i=0; i <= len; i++) if (input[i] != passwd[i]) { triesLeft-- ; return false ; // no authentication } // Comparison is successful triesLeft = maxTries ; return true ; // authentication is successful } functional property: verify(input; passwd; len) , input[0::len] = passwd[0::len] What do we want to protect ? Against what ? I confidentiality of passwd, information leakage ? I control-flow integrity of the code I no unexpected runtime behaviour, etc. 3 / 35 Example 2: make ‘python -c ’print "A"*5000’‘ run make with a long argument crash (in recent Ubuntu versions) Why do we need to bother about crashes (wrt. security) ? crash = consequence of an unexpected run-time error not trapped/foreseen by the programmer, nor by the compiler/interpreter ) some part of the execution: I may take place outside the program scope/semantics I but can be controled/exploited by an attacker (∼ “weird machine”) out of scope execution runtime error crash normal execution possibly exploitable ... security breach ! ,! may break all security properties ... from simple denial-of-service to arbitrary code execution Rk: may also happen silently (without any crash !) 4 / 35 Back to the context: computer system security what does security mean ? I a set of general security properties: CIA Confidentiality, Integrity, Availability (+ Non Repudiation + Anonymity + .
    [Show full text]
  • Product Datasheet Cyber Hardening
    PRODUCT CYBER HARDENING SERVICES DATASHEET Secure Your Systems in Today’s Connected World The cyber world is evolving rapidly. New threats are discovered every day and your existing systems are likely vulnerable against them. Fixing these threats is expensive in time and money as it involves going back and making changes to the software, re-testing and then re-delivering. This is not an option as the lead-time is too great, the original source code or build environment is not available, or because of a myriad of other reasons. Cyber Grand Challenge GrammaTech Cyber Hardening Services change the game and allow you to x GrammaTech’s Cyber Hardening cyber security vulnerabilities directly in the binary executable for your systems Services were demonstrated in the without having to go back to source code. DARPA Cyber Grand Challenge, a machine against machine hacking GrammaTech’s Cyber Hardening has been proven to protect from both common competition. GrammaTech took programming errors as well as control ow hijacking attacks. away the second price in this competition and had the highest Hardened defensive score. Application Application Binary Cyber Hardening Real-World Example: Binary Analysis Transformation Do you have a deployed system with OpenSSL version 1.0.1 prior to 1.0.1g? If so, your system is likely • Error amplication • Vulnerability discovery vulnerable to the Heartbleed bug • Generic hardening (CVE-2014-0160). GrammaTech’s • Exploitability • Point patching Cyber Hardening Services can secure your system against Heartbleed without making any changes to your software’s source code. Overview There is no one-size-ts-all approach to security.
    [Show full text]
  • Code Review Guide
    CODE REVIEW GUIDE 2.0 RELEASE Project leaders: Larry Conklin and Gary Robinson Creative Commons (CC) Attribution Free Version at: https://www.owasp.org 1 F I 1 Forward - Eoin Keary Introduction How to use the Code Review Guide 7 8 10 2 Secure Code Review 11 Framework Specific Configuration: Jetty 16 2.1 Why does code have vulnerabilities? 12 Framework Specific Configuration: JBoss AS 17 2.2 What is secure code review? 13 Framework Specific Configuration: Oracle WebLogic 18 2.3 What is the difference between code review and secure code review? 13 Programmatic Configuration: JEE 18 2.4 Determining the scale of a secure source code review? 14 Microsoft IIS 20 2.5 We can’t hack ourselves secure 15 Framework Specific Configuration: Microsoft IIS 40 2.6 Coupling source code review and penetration testing 19 Programmatic Configuration: Microsoft IIS 43 2.7 Implicit advantages of code review to development practices 20 2.8 Technical aspects of secure code review 21 2.9 Code reviews and regulatory compliance 22 5 A1 3 Injection 51 Injection 52 Blind SQL Injection 53 Methodology 25 Parameterized SQL Queries 53 3.1 Factors to Consider when Developing a Code Review Process 25 Safe String Concatenation? 53 3.2 Integrating Code Reviews in the S-SDLC 26 Using Flexible Parameterized Statements 54 3.3 When to Code Review 27 PHP SQL Injection 55 3.4 Security Code Review for Agile and Waterfall Development 28 JAVA SQL Injection 56 3.5 A Risk Based Approach to Code Review 29 .NET Sql Injection 56 3.6 Code Review Preparation 31 Parameter collections 57 3.7 Code Review Discovery and Gathering the Information 32 3.8 Static Code Analysis 35 3.9 Application Threat Modeling 39 4.3.2.
    [Show full text]
  • Applications of SMT Solvers to Program Verification
    Nikolaj Bjørner Leonardo de Moura Applications of SMT solvers to Program Verification Rough notes for SSFT 2014 Prepared as part of a forthcoming revision of Daniel Kr¨oningand Ofer Strichman's book on Decision Procedures May 19, 2014 Springer Contents 1 Applications of SMT Solvers ............................... 5 1.1 Introduction . .5 1.2 From Programs to Logic . .6 1.2.1 An Imperative Programming Language Substrate. .6 1.2.2 Programs that are logic in disguise . .8 1.3 Test-case Generation using Dynamic Symbolic Execution . .9 1.3.1 The Application . .9 1.3.2 An Example . 10 1.3.3 Methodolgy. 11 1.3.4 Interfacing with SMT Solvers . 13 1.3.5 Industrial Adoption . 14 1.4 Symbolic Software Model checking . 15 1.4.1 The Application . 15 1.4.2 An Example . 15 1.4.3 Methodolgy. 16 1.4.4 Interfacing with SMT Solvers . 18 1.4.5 Industrial Adoption . 18 1.5 Static Analysis . 19 1.5.1 The Application . 19 1.5.2 An Example . 20 1.5.3 Methodolgy. 20 1.5.4 Interfacing with SMT Solvers . 22 1.5.5 Industrial Adoption . 22 1.6 Program Verification . 23 1.6.1 The Application . 23 1.6.2 An Example . 23 1.6.3 Methodolgy. 25 1.6.4 Bit-precise reasoning . 28 1.6.5 Industrial Adoption . 29 1.7 Bibliographical notes . 29 4 Contents References ..................................................... 31 1 Applications of SMT Solvers 1.1 Introduction A significant application domain for SMT solvers is in the analysis, verifi- cation, testing and construction of programs.
    [Show full text]
  • Report on the Third Static Analysis Tool Exposition (SATE 2010)
    Special Publication 500-283 Report on the Third Static Analysis Tool Exposition (SATE 2010) Editors: Vadim Okun Aurelien Delaitre Paul E. Black Software and Systems Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899 October 2011 U.S. Department of Commerce John E. Bryson, Secretary National Institute of Standards and Technology Patrick D. Gallagher, Under Secretary for Standards and Technology and Director Abstract: The NIST Software Assurance Metrics And Tool Evaluation (SAMATE) project conducted the third Static Analysis Tool Exposition (SATE) in 2010 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets, encourage improvements to tools, and promote broader and more rapid adoption of tools by objectively demonstrating their use on production software. Briefly, participating tool makers ran their tool on a set of programs. Researchers led by NIST performed a partial analysis of tool reports. The results and experiences were reported at the SATE 2010 Workshop in Gaithersburg, MD, in October, 2010. The tool reports and analysis were made publicly available in 2011. This special publication consists of the following three papers. “The Third Static Analysis Tool Exposition (SATE 2010),” by Vadim Okun, Aurelien Delaitre, and Paul E. Black, describes the SATE procedure and provides observations based on the data collected. The other two papers are written by participating tool makers. “Goanna Static Analysis at the NIST Static Analysis Tool Exposition,” by Mark Bradley, Ansgar Fehnker, Ralf Huuck, and Paul Steckler, introduces Goanna, which uses a combination of static analysis with model checking, and describes its SATE experience, tool results, and some of the lessons learned in the process.
    [Show full text]
  • CURRICULUM VITAE THOMAS REPS July 2021 J. Barkley Rosser Professor & Rajiv and Ritu Batra Chair
    CURRICULUM VITAE THOMAS REPS September 2021 J. BarkleyRosser Professor & Rajivand Ritu Batra Chair (608) 262-2091 (Office) Computer Sciences Department (608) 262-1204 (Secretary) University of Wisconsin [email protected] 1210 West Dayton Street http://pages.cs.wisc.edu/~reps/ Madison, Wisconsin 53706 Birth: May 28, 1956 (Ithaca, NY USA) Citizenship: United States EDUCATION 1982 Ph.D., Cornell University Computer Science 1982 M.S., Cornell University Computer Science 1977 B.A., cum laude,Harvard University Applied Mathematics POSITIONS 2007−08 Guest Professor,University of Paris 7, Paris, France 2000−01 Visiting Researcher,Consiglio Nazionale delle Ricerche (CNR), Pisa, Italy 1993−94 Guest Professor,Datalogisk Institut, University of Copenhagen, Copenhagen, Denmark 1990−93 Associate Chairman, Computer Sciences Department, University of Wisconsin 1988−2019 Co-founder and President, GrammaTech, Inc. 1985− Professor,Comp. Sci. Dept., Univ. ofWisconsin, (Asst.: 85−88; Assoc.: 88−94; Full: 94−) 1984−85 Research Associate, Department of Computer Science, Cornell University 1982−83 Visiting Researcher,INRIA, Rocquencourt, France 1982−84 Post-Doctoral Associate, Department of Computer Science, Cornell University AW ARDS AND HONORS 2017 ACM SIGPLAN Programming Languages Achievement Award 2015 WARF Named Professorship, University of Wisconsin 2014 #4 (field rating) and #7 (citations) on Microsoft Academic Search’slist of most-highly-cited authors in Programming Languages (as of 8/27/2014) 2014 #13 (field rating) and #19 (citations) on Microsoft Academic Search’slist of most-highly-cited authors in Software Engineering (as of 8/27/2014) 2013 Foreign member,Academia Europaea 2005 ACM Fellow 2003 Recognized as a “Highly Cited Researcher” in the field of Comp.
    [Show full text]