Over the last few years, third-party code has moved from a minor factor in software development to a dominant force in the industry.
According to VDC Research, the majority of software that runs on embedded devices is now developed by external sources, as opposed to in-house development teams. As a result of this outsourcing, the behaviors of significant parts of applications are actually hidden from most of today's popular code analysis tools.
GrammaTech's CodeSonar, on the other hand, uses binary analysis to examine third-party code without access to its source code. This paper describes how to use binary analysis to inspect your third-party code for security vulnerabilities and other errors.