Archive for March, 2011

  • Klocwork Developer Network Set to Go Live

    on Mar 22, 11 • by Alan Weekes • with No Comments

    Our dilemma: How do we remove the barriers to knowledge about Klocwork's toolset, and developer best practices for creating high-quality code? The answer: Klocwork Developer Network--a new online portal designed for learning, sharing and discussing all things source code analysis.

    Read More »
  • Static analysis cures all ills?

    on Mar 17, 11 • by Alen Zukich • with No Comments

    There was a recent article from Mark Pitchford titled: “Think static analysis cures all ills? Think again.” Obviously being biased working here at Klocwork, I take a major exception to what Mark has to say. This article makes ridiculous claims. About the only thing Mark got right was that static analysis has been around for a long time. However it’s ludicrous to think that they’re the same as they were in the past. That’s like saying computers from decades ago are the same as today. The advancement has been huge for static analysis tools, especially in the last couple

    Read More »
  • All static analysis tools are not created equal

    on Mar 8, 11 • by Brendan Harrison • with No Comments

    Yes, it’s true (!) and as anyone in this space knows there is a huge difference between static analysis tools, their level of sophistication, and their approach to developer adoption. Gary McGraw & John Steven from Cigital describe their views on this topic including ‘5 pitfalls’ that customers should avoid when evaluating tools. These pitfalls mostly amount to the fact that analysis results across different tools, code bases, and tool operators can make results vary significantly, so be aware of this fact when conducting your benchmarking. Their overall recommendation: “The upshot? Use your own code instead

    Read More »
  • Another resource leak

    on Mar 1, 11 • by Alen Zukich • with 1 Comment

    It happened again.  For what seems like the 100th time, someone reports to me that they are seeing a number of false positive reports on the resource leak checker.  For those not familiar with a resource leak, take a look at a previous post.  Although resource leaks apply across most languages, the place where this question keeps coming  up seems to always be in Java or C# code.  My last query came from Java code, so we will use that as an example.  Here was a report where the FileInputSteam is not closed on exit

    Read More »
Scroll to top