TrustInSoft is a leader in application security testing tools and services, specializing in the formal verification of C and C++ source code to ensure safety, security, and reliability. The company leverages advanced formal methods, including abstract interpretation, to deliver mathematical guarantees that software is free from critical defects and vulnerabilities. TrustInSoft’s technology was originally developed in a research environment and has since been recognized by the US National Institute of Standards and Technology (NIST) for its ability to mathematically prove the absence of vulnerabilities in software. The company serves a diverse range of industries including automotive, aerospace, defense, and consumer electronics.
Interview with Gavin Hill, CMO at TrustInSoft.
What are the main areas of activity of the company?
Gavin Hill: TrustInSoft’s main areas of activity include:
- Software Safety and Security: Ensuring software is free from critical defects and vulnerabilities through exhaustive static analysis and abstract interpretation.
- Formal Verification: Providing mathematical guarantees on the correctness and robustness of software using advanced formal methods.
- Automotive and Embedded Systems: Specializing in the verification of embedded software for automotive, aerospace, and other critical applications.
- Compliance: Helping clients meet rigorous industry standards such as ISO 26262 for automotive safety and ISO 21434 for automotive cybersecurity.
What’s the news about new products/services?
G.H: The latest release of TrustInSoft Analyzer introduces several significant enhancements designed to simplify complex tasks and ensure alignment with industry standards. Key updates in this version include:
- Enhanced Usability with TrustInSoft Project Manager: This new feature streamlines workflow and improves project navigation, allowing users to manage complex analysis projects more efficiently. This leads to increased productivity and faster delivery of high-quality software.
- Standards Testing Automation: TrustInSoft Analyzer 1.47 automates code analysis for the AUTOSARstandard, crucial for automotive software development. It reduces manual efforts by generating necessary header files, function stubs, analysis drivers, and configuration parameters. Additionally, it offers enhanced reporting for CERT C compliance, ensuring that software meets the highest security and quality standards with ease.
- Test Coverage and Trend Reporting: The introduction of Input Coverage Metrics and trend reporting capabilities provides comprehensive insights into code analysis coverage and project trends. These features help identify untested paths, track improvements, and make informed decisions, thereby enhancing project outcomes and guiding projects to success with confidence.
E.E: What are the ranges of products/services?
G.H: TrustInSoft offers:
- TrustInSoft Analyzer: An exhaustive static code analysis tool that uses formal methods, including abstract interpretation, to provide exhaustive verification of C and C++ code.
- Consulting Services: Expertise in integrating formal methods into existing development processes, ensuring compliance with safety and security standards.
- Training and Support: Customizable training programs and dedicated support from C and C++ experts to help clients effectively use TrustInSoft Analyzer.
What is the state of the market where you are currently active?
G.H: The market for software verification and validation tools is growing rapidly, driven by increasing software complexity and the critical need for safety and security in industries such as automotive, aerospace, and defense. The automotive industry is experiencing significant growth in software and electronics that is being fueled by autonomous driving, connectivity, powertrain electrification, and shared mobility. As software becomes more integral to these sectors, the demand for robust verification tools like TrustInSoft Analyzer, which leverages abstract interpretation, continues to rise.
What can you tell us about market trends?
G.H: The complexity of automotive and embedded software is growing, necessitating advanced verification tools that employ formal methods like abstract interpretation to manage and mitigate risks. As an example, modern cars today contain up to 100 million lines of code.
The adoption of the shift-left approach, which involves integrating testing and security early in the software development lifecycle, is becoming more widespread. This approach helps catch and resolve issues sooner, reducing the likelihood of costly recalls and improving overall software quality. Our customers can reduce verification costs and timelines by a factor of 4 times the normal.
Stricter regulations, particularly in automotive and defense sectors, are pushing companies to adopt more rigorous verification techniques to ensure compliance and avoid costly recalls. Functional safety standards (ISO 26262) and cybersecurity standards (ISO 21434) are critical today.
What are the most innovative products/services marketed?
G.H: TrustInSoft Analyzer stands out due to its use of formal methods and abstract interpretation to provide exhaustive static analysis, offering mathematical guarantees on the absence of critical software defects. It’s very well suited for verifying safety-critical and security-critical software in automotive and aerospace applications. The Analyzer’s ability to detect all possible execution paths and verify software against a comprehensive set of formal specifications sets it apart from traditional static analysis tools.
What estimations do you have for 2024?
G.H: For 2024, TrustInSoft anticipates continued growth driven by the increasing demand for software verification tools in safety-critical industries. We expect to expand in the automotive and defense sectors, leveraging our unique capabilities in formal verification and abstract interpretation to address the rising complexity and stringent regulatory requirements of these industries. TrustInSoft also plans to enhance its product offerings with new features and integrations that support emerging industry standards and practices, further solidifying our position as a leader in application security testing tools for software safety and security.