Archive for January, 2009

  • Software Complexity, Lines of Code and Digital Derby

    on Jan 27, 09 • by Brendan Harrison • with 4 Comments

    Many of us have seen the # of lines of code (LOC) stats that get thrown around as a metric for illustrating how complex software development has become: The U.S. Army’s Future Combat System is estimated at 60 million lines of code (MLOC) The software that runs the Boeing 787 is almost 7 MLOC, triple that of the 777 GM says future cars will have >100 MLOC (that sounds high, but hey, <insert GM joke here>) So, yes there’s a lot of code out there, it’s growing, and it’s getting more complex. It’s tough to

    Read More »
  • How Software is Built: Executive &AQ

    on Jan 23, 09 • by Lynn Gayowski • with No Comments

    Sean Campbell: Gwyn, why don’t you start with your background and tell us a bit about Klocwork? Gwyn Fisher: Sure. I’m the Chief Technology Officer at Klocwork. I’ve been with Klocwork for a couple of years now, and as a consultant, actually, working with them for several years before that. Klocwork was founded in 2001 as a spinoff from Nortel Networks. The Nortel research group that created our basic technology was centered on the head of the CASE department at ISPRAS, part of the Russian Academy of Sciences and affiliated with the Moscow State University,

    Read More »
  • Klocwork Celebrates Strong Momentum Through 2008

    on Jan 20, 09 • by Meranda Powers • with No Comments

    Exceptional year highlighted by product innovation, industry accolades, and continued channel and customer growth BURLINGTON, Mass. — Jan 20, 2009 — Klocwork, Inc., the proven leader in automated source code analysis solutions for improving software security and quality, today announced outstanding corporate development through 2008. Following the release of its ground breaking source code analysis (SCA) tool, Klocwork Insight, in January last year, Klocwork experienced continued market recognition and increased adoption of its sophisticated source code analysis capabilities for software developers. As 2008 came to a close, Klocwork saw 40 percent year over year customer

    Read More »
  • CWE Top 25

    on Jan 13, 09 • by Gwyn Fisher • with 5 Comments

    Another year, another list of the most obvious things that competent developers should already know how to avoid? This one even has the NSA backing it, as well as the usual laundry list of pimping vendors attempting to make PR out of anything remotely related to homeland security… Quick, where do I sign up? OK, perhaps that’s a bit cynical, but I have to say that my usual reaction to any web application-centric security laundry list is that most developers in that space write crap code, so why should we be surprised, or expect that

    Read More »
  • Java source code vs bytecode analysis

    on Jan 6, 09 • by Alen Zukich • with No Comments

    David posted an interesting discussion on the usage of static analysis tools by developers to find security vulnerabilities.  As always the discussion with static analysis tools lean towards the false positive and false negative discussion.  But also David mentions their results are sometimes difficult to understand.   This is one of the reasons Klocwork switched from a bytecode analysis tool for Java to a source code analysis tool.  As both have their advantages and disadvantages (and I admit I’m very biased here) we have certainly found that we have been able to reduce our false positive

    Read More »
Scroll to top