in Aerospace / Security / Space

AdaCore introduces GNAT Pro Assurance with reinforced security support

Posted 15 March 2022 · Add Comment

Provider of software development and verification tools, AdaCore, today announced that the latest version of its signature GNAT Pro Assurance product has introduced a service that helps customers with their vulnerability mitigation strategy for third-party tools.

Image copyright Shutterstock

With GNAT Pro Assurance 22, customers can request a detailed list of known problems, each keyed to The MITRE Corporation’s Common Vulnerability Enumeration (CVE) database. Vulnerability reports are provided in machine-readable CVE JSON format as well as human-readable PDF reports.

In addition to this information, AdaCore now produces Software Bills of Materials (SBOM). SBOMs are supplied in the industry-standard Software Package Data Exchange (SPDX) format, allowing automated incorporation into customers’ vulnerability management and reporting systems.

GNAT Pro Assurance is the top-tier edition of AdaCore’s GNAT Pro product line and offers a complete Ada solution: a comprehensive suite of development and verification tools, a configurable runtime library and several specialised small-footprint runtimes.

It is geared toward developers of safety- and/or security-critical applications that require long-term maintenance, including but not limited to projects that need to meet domain-specific software assurance standards.

For safety certification, such standards include DO-178C (airborne software), EN 50128 (rail), ECSS-E-ST-40C and ECSS-Q-ST-80C (space) and ISO 26262 (automotive and industrial systems).

On the security side, relevant standards include DO-326A / ED-202A and DO-356A / ED-203A (airworthiness). For each of these safety or security standards, certification and/or qualification material for specific run-time libraries and/or tools are available to GNAT Pro Assurance customers through an optional certification support service.

Unique to GNAT Pro Assurance, the sustained branch service allows a customer to choose a specific version of the technology and receive workarounds or product updates for that version as needed to deal with critical issues. This offers guaranteed product stability, with controlled evolution to correct problems that do not have realistic workarounds.

“The challenge with software security is that vulnerabilities can and will be discovered after a system has been deployed, and systems are typically multilayered with interdependent components from different vendors,” said Alexander Senier, Lead of Cybersecurity at AdaCore. “A vulnerability that one vendor fixes might require an expensive correction in another component; if that vendor fails to make that correction, then the entire system may be insecure. With GNAT Pro Assurance, our customers don't get into such a situation.

"We provide sustained branches, we perform automatic analyses of known vulnerabilities on those branches and make them available to customers, we analyse whether security issues found in current GNAT Pro versions are present in sustained branches and port security fixes to those older versions if necessary. This enables customers to have their systems deployed securely throughout the project’s lifetime.”

“Ada is a language of choice for developers of long-lived high-reliability software, and the sustained branch service for GNAT Pro Assurance meets the needs for both stability in the product and corrections to critical problems,” said Jamie Ayre, Commercial Director at AdaCore. “Solving a blocking problem by moving to a new product version that introduces unrelated enhancements may fix one defect but could introduce regressions or trigger other problems.

"With GNAT Pro Assurance’s sustained branch service, which stands out in the industry, a customer can lock in a specific version of the product and then receive updates only when needed to address a critical issue.”

* required field

Post a comment

Other Stories
Advertisement
Latest News

Serco acquires Sapienza

Serco Group plc has entered into an agreement to acquire Sapienza Group, from TP Group plc, to expand its offering to the European space sector.

Menzies Aviation renews Air Canada contract at Heathrow

Menzies Aviation today announced it has renewed a significant ground services contract with Air Canada at Heathrow Airport (LHR) and won new business at Copenhagen Airport (CPH).

Views sought to boost security of UK data centres and cloud services

Looking to strengthen security and resilience of UK’s data infrastructure to protect against outages and national security threats, the Government has announced it is seeking views on how to boost the security and resilience of

UK Government to host AFF22 onboard HMS Prince of Wales in New York

On 28th-29th September, the UK Government will host the Atlantic Future Forum (AFF22) on the aircraft carrier HMS Prince of Wales in New York, bringing together senior politicians, policymakers, military leaders, academia, business

Stay ahead of the airplane

Neil Ballinger, head of EMEA at EU Automation, looks at ways of stepping up to the challenges currently facing aerospace supply chains.

Airbus launches UK ZEDC

Airbus is strengthening its presence in the UK with the launch of a Zero Emission Development Centre (ZEDC) for hydrogen technologies, to be based in Filton, Bristol.

ODU SK0105310522
See us at
Advanced Engin BT2504031122Future Arm Vehicles Active Protection Systems BTFuture Arm Vehicles Power Systems BTFuture Armoured Vehicles Weapon Systems BTDVD BT2704220922