Klocwork | News & Events: KLOCWORK ANNOUNCES EXPANDED SECURITY VULNERABILITY DETECTION

KLOCWORK ANNOUNCES EXPANDED SECURITY VULNERABILITY DETECTION

K7.7 Pass Rate Exceeds 90% Mark for SAMATE Security Flaws

BURLINGTON, Mass. - May 7, 2007 - Klocwork Inc., the proven leader of automated source code analysis software for improving software security and quality, today announced the release of Klocwork K7.7, building upon Klocwork's enterprise-grade static analysis product suite with some notable security enhancements. In comprehensive testing involving more than 1376 known security vulnerabilities provided by the Software Assurance Metrics and Tool Evaluation (SAMATE), sponsored by the National Institute of Science and Technology (NIST) and the United States Department of Homeland Security, Klocwork secured a pass rate in excess of 90%. As part of the company's comprehensive effort to show leadership in the capabilities of its security source code analysis technology, Klocwork successfully detected an extremely wide range of important C, C++ and Java security vulnerabilities including; buffer overflows, SQL injections, null pointer dereferences, cross site scripting, memory management issues and many other types of vulnerabilities.

A critical element of the K7.7 release is the expanded IDE support for Visual Studio .Net 2005 and IntelliJ IDEA, which allow developers to analyze their code within their own development environment - greatly reducing the cost of repairing flaws. K7.7 also introduces expanded stack traces for easier defect comprehension in Klocwork-supported IDEs, and the Klocwork Central web interface, which allows developers to quickly identify key security vulnerabilities.

K7.7 has added a number of notable upgrades including:

New checker capabilities. K7.7 has added the ability to tag certain Java methods as unsafe, new Java coding warning practices and has improved the accuracy rate for existing C/C++ and Java checkers.
Enhanced reporting capabilities. Klocwork remains the only static analysis solution provider to offer comprehensive analysis capabilities that provide quality and security metrics and trending reports, as well as architectural modeling tools.

"Up to now, the general consensus around software security and quality was that flaws were simply an inconvenience. Corporations, and by extension the general public, have begun to understand that software applications control critical applications in industries such as aerospace, finance, computer hardware, medical technology, safety critical embedded and transportation. If these applications were to be compromised, the results could be devastating," said Gwyn Fisher, CTO of Klocwork. "As a result, developers are getting serious about software security and need industrial-strength automated tools to identify these potential threats so they can be corrected at time zero - the lowest cost-correction point in the software development process."

Klocwork K7.7 continues to automatically incorporate customer feedback and run test cases on SAMATE security vulnerabilities as part of their quality assurance process. This ongoing analysis serves as a complement to Klocwork's industry-leading defect and vulnerability identification, architectural analysis, and comprehensive software metrics and reporting tools. The enhanced capabilities of K7.7 will provide developers with the ability to detect potential problems early in the development lifecycle, therefore freeing up more time for creativity.

About Klocwork
Klocwork is an enterprise software company providing automated source code analysis software products that automate security vulnerability and quality risk assessment, remediation and measurement for C, C++ and Java software. More than 250 organizations have integrated Klocwork's automated source code analysis tools into their software development process in order to ensure their code is free of mission-critical flaws while freeing their developers to focus on what they do best - innovate.

Contact Klocwork for more information at www.klocwork.com or info@klocwork.com.

Klocwork and the Klocwork logo are registered trademarks of Klocwork, Incorporated in the United States and/or other countries. All other names are trademarks or registered trademarks of their respective companies.