Revisions to GrammaTech’s CodeSonar software analysis tool for C/C++, Java, and machine code are designed to further improve code quality and security while accelerating time-to-market. Designed for zero-tolerance embedded defect environment, CodeSonar analyzes binary code and source code to identify security and quality liabilities that cause system crashes, memory corruption, leaks, data races, and other vulnerabilities. The latest version 4.0 includes new integrated binary analysis to analyze externally produced software without access to its source code. Software Supply Chain Risk Management (SCRM) eliminates dangerous quality and security blindspots created via open-source or third-party components/libraries. In terms of standards compliance, there’s built-in analysis for MISRA C 2012, in addition to existing DO-178 capabilities. To improve multi-core development, new Java-specific concurrency defect-detection capabilities defend against errors such as race conditions, deadlocks, and livelocks. Embedded security gets a boost from a visual tainted-data analysis capability. It helps developers find and eliminate vulnerabilities caused by potentially dangerous information flows.