RSSThis Tips and Tricks guide breaks down the topic of software security assurance into a series of questions that fall into these four key areas: Managing for Software Security Developing for Software Security Auditing for Software Security Testing for Software Security
Not used
Browse Categories
Browse Tags
Resources
Case Study
As a market-leading provider of healthcare technology, Schiller has deployed Klocwork tools, including the Connected Desktop, to help the company meet its MISRA standards, speed up testing, and achieve higher quality.
Video
Short demo on how to use Klocwork to help developers refactor in C/C++ code, specifically looking at the Extract Function and Inline Function refactorings.
White Paper
With the adoption of Agile, the need to create high-quality software code in less time has never been greater. In this paper, developers will learn how to maintain velocity and eliminate bug debt with automated tools.
White Paper
White Paper
This report quantifies the costs of low quality software for customers and uses benchmark data to illustrate the magnitude of these costs. The basic conclusion is that the cost of low quality to customers can be substantial, and customers would do well to seek out more capable vendors. For the software developers themselves, by demonstrating the financial burden of low quality on their customers, they can differentiate themselves from the competition by focusing on improving the quality of their software. The ... More
White Paper
Today's developers of mission-critical software are using automated source code analysis (SCA) to locate and describe critical bugs and security vulnerabilities in their source code at system build time. However, system build-time analysis suffers from an inherent weakness: bugs impact the main code stream before they are even detected. This paper proposes a solution: move high-quality SCA to the developer's desktop and perform it at the earliest point in the development cycle - before code check-in. This approach ... More
Video
A short overview of Klocwork's flagship static analysis suite of development tools
White Paper
Automated source code analysis locates and describes areas of weakness in source code. Those weaknesses might be security vulnerabilities, logic errors, implementation defects, concurrency violations, rare boundary conditions, or many other types of problem-causing code. The name of the associated research field is static analysis and while the technology has been around for decades - primarily in the form of lint tools - modern static analysis has little in common with its well known but much maligned ... More
White Paper
With the adoption of Agile, the need to create high-quality software code in less time has never been greater. In this paper, developers will learn how to maintain velocity and eliminate bug debt with automated tools.
Video
Short demo on using Klocwork Architect to visualize the architecture of your source code.
Fact Sheet
Enterprise-class source code analysis for mission-critical software.
Video
Demo of Klocwork Inspect, the Code Review tool with a social media workflow.
Article
With new aircraft now being highly software dependent – software verification and integrity is becoming ever more vital. Tim Robinson speaks to one company who are experts in squashing these software bugs in mission-critical code.
Video
Short demo on how developers can use Klocwork's plug-in for Visual Studio to find and fix defects before they check-in their source code.
Case Study
As the market-leading manufacturer of DSL devices in Germany, the software development cycle of AVM is focused on meeting the demand for a high-quality, reliable and secure online experience. Faced with the challenge of writing software that can be adapted to support the various functions of their product line, AVM needed an advanced static analysis tool capable of thorough and diverse code testing. Learn how AVM deployed Klocwork to improve code quality and cut development time.
Case Study
Iskratel employs over 400 developers writing complex software to drive advanced communications technologies. These applications typically include between 1 and 1.5 million lines of code, written in C, SDL, Java and C++. To identify the best testing solution to eliminate bugs early in the development lifecycle, Iskratel conducted a head-to-head competitive evaluation of three products, and ultimately selected Klocwork's source code analysis tools. This case study looks at how Iskratel uses automated source code ... More
Research
Software coding defects increase the cost of development and support, tarnish a company's reputation, and limit revenue opportunities. This research report from the New Rowley Group discusses how investing in a defect detection and prevention solution enables companies to catch defects early, limit their financial impact, and institute a proactive approach to defect prevention.
Research
This IDC white paper examines how software development organizations can improve the quality of the software they deliver, and tangibly improve their overall software development process by incorporating static analysis tools into their routine development processes. The results are higher quality, more robust and maintainable code; lower risk of failure because of software reliability problems and security vulnerabilities; a more predictable software development process; and lower overall life-cycle costs. The ... More
White Paper
To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers have had to evolve the way they develop code to be both faster and higher quality. As part of this trend, Agile development practices are becoming more commonplace. However, to fully realize the benefits of Agile development, it is critical to have a repeatable process for ensuring code is as free of defects and security vulnerabilities as possible. This paper examines how the use of ... More
On-Demand Webinar
Looking for a way to understand and visualize your complex software code, identify re-usable components, and re-engineer your code for better optimization? Then don’t miss our latest on-demand webinar. Using graphical models of source code, Klocwork Insight allows software architects to experiment with various models without impacting the system. This webinar provides a technical deep-dive into the following advanced software architecture analysis capabilities: Code discovery and comprehension Impact ... More
White Paper
Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical device software managers, learn how an effective verification process can help achieve FDA compliance and meet productivity goals.
Case Study
BMC Software, a leading global provider of enterprise management solutions, turned to Klocwork to help them address quality and security concerns within their Action Request product line. With robust Quality Assurance practices already in place, BMC was looking for a solution that would enable its developers to find issues in their product early in the development process. BMC performed a rigorous evaluation of the two leading vendors in this space which ultimately lead to the selection of Klocwork.
Video
Klocwork Checker Studio demo that shows how to create custom static analysis checkers to find defects and security vulnerabilities.
Fact Sheet
Maintain iteration velocity and reduce the risk of bug debt with an integrated suite that includes powerful source code analysis, collaborative code review, and refactoring tools.
Video
Short demo on how command line users can use Klocwork Desktop to find and fix defects before they check-in their code.
Article
Embedded software is a ubiquitous presence onboard aircraft today. Just as software has become a key element in everything from consumer vehicles to household appliances, it is also critical to aircraft control.Beyond mission-critical avionics systems, software is also increasingly present in commercial aircraft galley equipment, passenger onboard entertainment systems and, more recently, wi-fi networks for passengers.
Video
Short demo on how to use Klocwork to help developers refactor in C/C++ code, specifically looking at the Extract Function and Inline Function refactorings.
Case Study
As a market-leading provider of healthcare technology, Schiller has deployed Klocwork tools, including the Connected Desktop, to help the company meet its MISRA standards, speed up testing, and achieve higher quality.
White Paper
This white paper highlights the results from an analysis of multiple open source projects that are commonly used in embedded development, including: uClinux - widely used operating system for embedded development Quagga - popular routing software suite Scratchbox - cross compilation toolkit HSQLDB - relational database management system written in Java Discover the defects associated with each of these projects (including memory management, efficiency, null pointer dereference and reliability defects, and ... More
White Paper
No one wants to be on the hot seat when a critical vulnerability is exploited in the field or when a coding mistake causes product recalls, brand damage, or revenue losses. Automated source code analysis helps developers and development teams avoid this exposure by performing the most rigorous form of automated code review possible. This paper discusses what issues can be found with source code analysis tools, why developers should use them when they have other tools to choose from, and why the technology should ... More
Video
A short demonstration of Peer Code review, C/C++ refactoring and static analysis brought together under Klocwork's Insight Pro development suite
White Paper
Given the complexity of today's airborne software systems, the use of automated tools can assist in the successful on-time and on-budget delivery of these projects. Automated source code analysis tools locate and describe areas of weakness in source code, and can help address key areas of the DO-178B guidance related to the Software Verification and Software Lifecycle Data requirements. In this white paper, learn how the defect, architecture, and metrics analysis capabilities of Klocwork Insight can be used to ... More
Research
Embedded software development teams are striving to meet growing market demands while juggling increased software complexity across globally distributed teams. Nowhere are these challenges more amplified than in the medical device sector, where resources are limited, yet code complexity is growing at one of the fastest rates in the industry.
On-Demand Webinar
In this on-demand webinar hosted by Klocwork, learn where source code analysis can be used in your development process, the problems that it solves, and how the technology can be used to streamline a number of productivity bottlenecks in your development process.
Fact Sheet
Connecting the developer desktop with the overall system context to delivers new levels of developer productivity.
Video
Short demo on using Klocwork Review for integration build reporting and metrics on your source code.
Fact Sheet
Klocwork delivers tools that enable developers to identify critical security vulnerabilities, quality defects and architectural issues quickly and accurately. Klocwork products integrate within the normal development environment, enabling risk assessment and fast critical-bug fixing in mission-critical C, C++, Java and C# software.
Video
Short demo on how developers can use Klocwork's plug-in for Eclipse to help them find and fix defects before they check-in their code.
Video
Short demo on how to use Klocwork to help developers refactor in C/C++ code, specifically looking at the Rename and Introduce Variable refactorings.
Case Study
In Motorola's continuous process improvement paradigm, the iDEN Mobile Devices software team implemented several processes and tools in 2005 - the combination of which has led to significant cost reductions and quality improvements. The Klocwork tool suite was a major contributor to achieving the quality and productivity results identified in this case study.
Case Study
Offering network solutions to integrate sensors and communications for government and defense customers, Raytheon Network Centric Systems had two challenges: Frequent use of legacy code and the unavailability of the original developers meant new developers had to come up to speed quickly The need to run 'what if' scenarios
On-Demand Webinar
During this web seminar you will see how easy it is to exploit security vulnerabilities caused by common software defects. Watch how a simple hack on an older version of FireFox enables a hacker to gain full access to a remote machine. More importantly, see how this same vulnerability could have been prevented through the use of static analysis.
On-Demand Webinar
Learn how the continuous static analysis, collaborative peer code review, and automated code refactoring capabilities of Klocwork Insight Pro can maximize the agility and productivity of individual software developers.
On-Demand Webinar
Source code analysis technology (SCA) has been evolving for more than two decades, and is now used by embedded software developersin virtually every industry to create better, bug-free code. In an Agile context where software production is performed in short, feature-driven iterations, it's critical that bugs are found and removed from code as early as possible. In this session, we examine the evolution of SCA technology and discuss why and how it should be deployed for maximum benefit within an Agile development ... More
On-Demand Webinar
For modern software development organizations faced with time-to-market pressures and increasing code complexity, automating key steps in the development lifecycle - including defect detection, builds and deployments - offers important productivity benefits. The ability to immediately assess the impact of changes, generate continuous feedback on product stability, and reduce the effort associated with fixing issues found late in the cycle, allows development organizations to focus on creating higher quality ... More