Klocwork | News & Events: Klocwork K7 Delivers only Solution Addressing both Software Security and Software Quality in Integrated Suite

FOR IMMEDIATE RELEASE

Klocwork K7 Delivers only Solution Addressing both Software Security and Software Quality in Integrated Suite

Integrated Solution Enables Development Organizations to Address the $100 Billion Software Security Vulnerability and Quality Defect Problem

BURLINGTON, Mass. - June 15, 2005 - Klocwork Inc., the proven leader in delivering automated software solutions that improve software security and quality, announced today Klocwork K7, the first fully integrated software security and software quality solution that helps development teams ensure customer affecting software problems are found and fixed early in the software lifecycle. In K7, Klocwork has taken its proven set of automated static analysis products and significantly expanded their capabilities, uniting them into one complete solution that prevents software security and quality problems that can damage a company's financial bottom line, brand and reputation.

Klocwork has responded to the dramatic increase in security incidents targeted at software source code. By working with enterprise development teams and world-class security experts, Klocwork has significantly extended the capabilities of its products to provide all members of the development team with a holistic view of potential security and quality issues in their critical software code bases. Klocwork's K7 seamlessly integrates into industry leading integrated development environments (IDEs) and customers' existing software development processes.

"Quality is an important differentiator for Cisco. It's part of our brand and it keeps us highly competitive," said Mike Turnlund, director of engineering at Cisco. "We've used Klocwork since 2002 to help us reach our quality goals and ensure that software quality issues don't become security vulnerabilities. Work that used to take dozens of engineers over a year to complete can now be accomplished by two to three people in a couple of weeks. We have been working with Klocwork throughout the development of K7, and are eager to take advantage of its significantly extended capabilities."

"Klocwork K7 allows organizations to address a $100 billion software security and quality problem," said Djenana Campara, founder and CTO of Klocwork. "Conservative estimates state that 25 to 50 percent of all developer time is spent tracking down security vulnerabilities and fixing software defects. Automating the 'white box testing' component of the development process offers significant cost savings and accelerated time to market for enterprise customers. K7 allows developers to identify code issues at time zero, before the defect or vulnerability is propagated throughout the code and before software is released to customers. When automated static analysis solutions are adopted, companies can then lower their development costs, minimize risks, and align their software strategies with their business goals."

K7 is purpose-built for deployment in today's complex software development environments, where numerous activities constantly compete for resources, including: offshoring, managing distributed development teams and environments, reusing code, updating outdated or limited documentation, and maintaining productivity despite staffing cuts. With K7, Klocwork has redefined automated static analysis products by significantly extending its proven capabilities to core members of the development team, including:

Management insight through better visibility into a company's software security and quality earlier in the development process by automating the collection and reporting of key software metrics and providing system-wide architectural visualization.
Auditor analysis to enable both security auditors and QA teams with objective analysis capabilities to identify potential corporate risks and generate detailed assessments of their security and quality.
Developer assistance through integration at the developer workstation, Klocwork can enable quality and security policy enforcement right at the developer's desktops, finding problems before they enter the code.

As with previous versions of Klocwork's products, the K7 solution is designed to work "in-process," a low-impact approach that integrates with customer's existing development tools and processes. In addition, Klocwork has added the following leading functionality to K7's automated static analysis solutions:

Leading security analysis. Klocwork has worked closely with major corporations to understand today's top security priorities, and has partnered with the world's foremost experts in software security to enrich K7's static analysis engine to identify potential C, C++ and Java security vulnerabilities. K7 alerts developers to issues in their code as they are working, and provides executives and managers with reports on the level of potential security issues, allowing them to manage the risk that may exist in their software.
Unparalleled accuracy. Klocwork uses advanced heuristics to ensure the accuracy of issues identified, allowing customers to immediately address their priority concerns.
Comprehensive reporting. K7 collects and presents teams with a comprehensive Web-based report of software development metrics, including, risk, churn, and security. Customers can set thresholds for their own key software performance indicators, and receive notifications when those indicators have surpassed a critical threshold and require immediate action - helping them stay on time and within their budget.
Intuitive usability. K7 provides the appropriate interface for every stakeholder in the development process. This includes integration into the developer's IDE of choice through a simple plug-in, a zero footprint delivery of reports through "Project Central," a Web-based interface to Klocwork analysis, and powerful reporting interfaces.
Unsurpassed flexibility. K7 allows customers to create their own defect, security vulnerability, or coding standard rules that meet their specific or unique requirements, while still leveraging all of the capabilities delivered by the K7 solution - assistance at the developer's desktop and through the comprehensive management reporting capabilities.

"With K7, Klocwork has enhanced its core capability of helping companies remove software bugs early in the development process, when defects have the least financial impact," said Tom Rhinelander, analyst with New Rowley Group. "K7's modular structure allows companies to initially use the product as a tool to remove defects or identify vulnerabilities, and then, over time, to invest in the rest of the suite's capabilities, such as enforcing coding best practices, analyzing code architecture, and monitoring the development process over time."

K7 is available in four packages: the Defect Discovery Edition, the Security Vulnerabilities Edition, Defects and Security Edition, and the Development Edition. Each of the packages address critical customer pain points and provides cross-functional teams with the tools needed to quickly identify software defects and vulnerabilities. In addition to an extensive list of checkers that focus on the most likely causes of security flaws and vulnerabilities, functionality available includes architectural controls, extensive metrics analysis, reporting and control, and extensibility to allow for custom analysis.

Availability
Klocwork's K7 release will be generally available June 30, 2005.

About Klocwork
Klocwork is the proven leader of static analysis solutions that deliver software security and software quality. Klocwork's products detect and prevent security vulnerabilities and software defects, and provide architectural visualization and modeling tools to provide dramatic improvements to company's source code. Klocwork's patented technology is deployed at over a dozen Fortune 500 accounts, known for having the most demanding software development environments in the world. Klocwork is a privately held company with offices in Burlington, Mass., San Jose, Calif., Chicago, Atlanta, Dallas, and Ottawa.

Klocwork and the Klocwork logo are registered trademarks of Klocwork, Incorporated in the United States and/or other countries. All other names are trademarks or registered trademarks of their respective companies.