Klocwork is pleased to work with the following organizations in our common pursuit of advancing the software development industry's understanding of software security and software quality. For more information about any of the organizations, please click on their logo to visit their web site.
Common Weakness Enumeration (CWE)
CWE, or Common Weakness Enumeration, is a community-developed dictionary of common software weaknesses. International in scope and free for public use, CWE provides a unified, measurable set of software weaknesses that will enable more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code. Klocwork routinely reports potential software vulnerabilities to CWE for examination and inclusion in this dictionary.
[cwe.mitre.org]
National Institute of Standards and Technology (NIST)
Founded in 1901, NIST is a non-regulatory federal agency within the U.S. Commerce Department's Technology Administration. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. Klocwork supports the efforts of NIST through our contributions to SAMATE and other open source security agencies.
[http://www.nist.gov]
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source. The OWASP Foundation is a 501c3 not-for-profit charitable organization that ensures the ongoing availability and support for our work. Participation in OWASP is free and open to all. Klocwork's source code analysis tools identify 9 of the top 10 OWASP security vulnerabilities - the 10th is not detectable using source code analysis tools.
[www.owasp.org]
Software Assurance Metrics and Tool Evaluation (SAMATE)
SAMATE (Software Assurance Metrics and Tool Evaluation) is sponsored by the U.S. Department of Homeland Security (DHS) National Cybersecurity Division and NIST. The objective of part 3, Technology (Tools and Requirements), is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness of tools, and (C) identifying gaps in tools and methods. The SAMATE project supports the DHS Software Assurance Tools and R&D Requirements Identification Program.
As of 2007, Klocwork secured a pass rate in excess of 90% in comprehensive testing involving more than 1376 known security vulnerabilities provided by the Software Assurance Metrics and Tool Evaluation (SAMATE).
[samate.nist.gov]
Java Community Process (JCP)
Since its introduction in 1998 as the open, participative process to develop and revise the Java™ technology specifications, reference implementations, and test suites, the Java Community Process (JCP) program has fostered the evolution of the Java platform in cooperation with the international Java developer community. As a member of this community, Klocwork will work within the JCP to ensure our products stay current with evolutions of the Java platform.
Java, Java Community Process, JCP, and the Java Community Process Logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
[www.jcp.org]