GrammaTech and NetSPI Partner to Offer Defensive and Offensive Application Security Solutions

Code and Penetration Testing Leaders Join Forces to Provide Comprehensive Attack Surface Management

BETHESDA, Md. & MINNEAPOLIS–(BUSINESS WIRE)–#AppSec–GrammaTech, a leading provider of application security testing products and software research services, and NetSPI, the leader in offensive security, today announced a partnership to help customers automate product security for automotive, aerospace, medical device and other security and safety critical markets. Together, NetSPI’s offensive security solutions and the GrammaTech CodeSonar binary SAST (static application security testing) platform provide comprehensive visibility into and remediation for code security risks.

The companies are collaborating on go-to-market activities to provide customers with a single source for application security. GrammaTech and NetSPI offer an end-to-end solution to discover, prioritize, and remediate security vulnerabilities in both source and binary code. In addition, the GrammaTech CodeSentry binary SCA (software composition analysis) platform enables organizations to quickly understand supply chain risk in final or post production binaries, without requiring source code.

GrammaTech will demonstrate its CodeSonar and CodeSentry SBOM products at RSA Conference 2023 at Booth 5300 in the North Expo, while NetSPI will be at Booth 5618 in the North Expo.

“Ongoing cybersecurity awareness and evaluation is key to strong application security,” said Lauren Gimmillaro, VP of Business Development & Strategic Alliances at NetSPI. “Through our NetSPI and GrammaTech Partnership, we’re able to provide mutual clients with a proactive and continuous approach to application security testing by combining GrammaTech’s always-on SAST and SCA scanning offering alongside NetSPI’s comprehensive offensive security solutions.”

“Together, penetration testing and application security testing provide comprehensive protection against safety and security vulnerabilities reaching market ready products,” said Tom van Gorder, Chief Revenue Officer for GrammaTech. “This partnership with NetSPI provides customers with a single source for accessing the industry’s leading code security solutions that span development, testing, feedback and deployment.”

CodeSonar’s SAST analysis supports all leading product development languages (C, C++, C# and Java) in one unified platform. The platform supports the validation of coding standards and best practices including MISRA, JPL, CERT-C and static verification using formal method concepts to find defects including runtime errors, buffer overruns, API misuse, misuse of socket API, suspicious behavior, dead code and unused variables. It finds defects that impact software quality and security, and scales to meet the most rigorous real-world requirements, programs and processes. Meanwhile, the CodeSentry software supply chain security platform uses binary software composition analysis (BSCA) to enable organizations to detect security vulnerabilities contained in third party code.

NetSPI’s Attack Surface Management (ASM) utilizes leading technology and our expert human penetration testing teams to continuously discover, inventory, test, and prioritize known and unknown assets and exposures on your global external attack surface. Our Attack Surface Ops team reviews and organizes results, reducing the burden on internal teams.

About GrammaTech

GrammaTech is a leading global provider of application security testing (AST) solutions used by the world’s most security conscious organizations to detect, measure, analyze and resolve vulnerabilities for software they develop or use. The company is also a trusted cybersecurity and artificial intelligence research partner for the nation’s civil, defense, and intelligence agencies. GrammaTech has corporate headquarters in Bethesda MD, a Research and Development Center in Ithaca NY, and publishes Shift Left Academy, an educational resource for software developers. Visit us at, and follow us on LinkedIn and Twitter.

About NetSPI

NetSPI is the leader in enterprise penetration testing, attack surface management, and breach and attack simulation – the most comprehensive suite of offensive security solutions. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities. For over 20 years, its global cybersecurity experts have been committed to securing the world’s most prominent organizations, including nine of the top 10 U.S. banks, four of the top five leading global cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500. NetSPI is headquartered in Minneapolis, MN, with global offices across the U.S., Canada, the UK, and India.

CodeSonar® and CodeSentry® are registered trademarks of GrammaTech, Inc.



Marc Gendron

Marc Gendron PR for GrammaTech


Tori Norris, NetSPI
(630) 258-0277

Jessica Bettencourt, Inkhouse for NetSPI
(774) 451-5142
