Klocwork product documentation is available here.
As a manufacturer of medical electronics, meeting the FDA's rigorous safety and quality standards is crucial to Stockert. With the safety of their devices depending significantly on the quality of software they ... More
Software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures is introducing significant complexity when it comes to ... More
Klocwork Inspect offers a lightweight, web-based approach to the often mandatory, but traditionally time-consuming code review process. See how this tool can make your code review process more effective.
Migrating embedded software to Intel® architecture always requires an evaluation of code compatibility and dependencies between the existing code base and the Intel platform. Particularly in cases where the code base is a large, complex, legacy system - or a system hardcoded for big-endian memory - it is critical to understand the scope and eliminate the risk of the migration. This article on page 138 of the Intel Technology Journal describes how C/C++ source code analysis can help with architecture ... More
Embedded software is a ubiquitous presence onboard aircraft today. Just as software has become a key element in everything from consumer vehicles to household appliances, it is also critical to aircraft control. Beyond mission-critical avionics systems, software is also increasingly present in commercial aircraft galley equipment, passenger onboard entertainment systems and, more recently, wi-fi networks for passengers.
Many source code analysis deployments suffer from ‘batch processing syndrome’ where most of the analysis is centralized and results are delivered to the users. This short, high-level video suggests there’s a better way. (Hint: it’s all about on-the-fly static analysis.)
Experience our new on-the-fly static analysis capabilities in this video which shows Klocwork Insight finding defects within Visual Studio.
Klocwork's source code analysis tools combine on-the-fly analysis, drag & drop build reporting, and cross-project impact analysis to deliver serious productivity gains to the entire development process. As the only static analysis vendor combining deep defect detection with MISRA coding standard and ISO 26262 support, Klocwork's tools are an ideal choice for automotive software developers concerned about software security and reliability.
Klocwork Checker Studio allows development teams to create their own static analysis checkers to extend and customize the defect detection capabilities of Klocwork Insight. See how it works in this video.
See how our tools perform rename and introduce variable refactoring for C/C++ in Eclipse and Visual Studio.
This video looks at how Klocwork Insight can help migrate your code to Intel architecture, addressing issues like complex code bases and hardcoded endian memory.
Finding and fixing defects at the desktop - as code is being written - is the most cost-effective and efficient way to ensure bug-free software. See how Klocwork Insight works with Eclipse in this short video.
Klocwork Refactoring helps you simplify the time-consuming task of code maintenance for C/C++. In this video, see how to use Klocwork Insight to analyze and optimize your header include directives.
Klocwork Review provides development leads with the metrics and reports needed to understand the state of their code base. This video provides a look into Klocwork Review’s issue management capabilities and shows off some of the reporting features, including how to use drag-and-drop functionality to create a custom build integration report.
With the types of security attacks, what they're targeting, and where they're coming from continuing to grow, the problem of software security can seem overwhelming. But with an alarming number of security vulnerabilities starting within the software code itself, writing clean code becomes an important weapon in your defense against security attacks. This article solicits input from industry experts on the reality of software security, the common security mistakes being made, and how to avoid them. Reprinted with ... More
With new aircraft now being highly software dependent – software verification and integrity is becoming ever more vital. Tim Robinson speaks to one company who are experts in squashing these software bugs in mission-critical code.
Klocwork Review provides development leads with the metrics and reports needed to understand the state of their code base. In this video, see how to create code modules and use view filters.
Extracting methods or functions from large and unwieldy methods allows you to create smaller, more logical functions, and inlining a function or method allows you to remove the overhead of an overly segmented source layout. See how it’s done with Klocwork Refactoring.
Based on Klocwork's introduction of the first on-the-fly source code analysis tool, and the its contribution to improving the state of software secuirty and QA, Klocwork was named to the 2012 SD Times 100. Learn more about the company's recent accomplishments in this SD Times profile.
Klocwork Insight helps developers find and fix defects and security vulnerabilities in their source code. In addition to being available as a plug-in to IDEs including Eclipse and Visual Studio, Klocwork Insight is also available for developers using command line.
As a manufacturer of medical electronics, meeting the FDA's rigorous safety and quality standards is crucial to Stockert. With the safety of their devices depending significantly on the quality of software they develop, Stockert invested in Klocwork's source code analysis tools. Learn how their static analysis deployment has helped Stockert achieve FDA certifications, gain more trust in their code quality, and increase development efficiency.
This exclusive report, using data from VDC Research's 2010 Embedded Engineering Survey, highlights the new realities of developing software for multicore and multiprocessor architectures. Get the report and learn how growth in these advanced platforms is introducing a new set of challenges for embedded software engineering teams, impacting project schedules, and causing cost overruns.
Klocwork helps developers create more secure and reliable software. Our tools analyze source code on-the-fly, simplify peer code reviews, and extend the life of complex software. Hundreds of customers in the mobile device, consumer electronics, medical technologies, telecom, automotive, military and aerospace sectors rely on our development tools.
Millions of lines of software code are driving the latest innovations in today's vehicles. However, with software-driven innovation comes the reality of coding defects, failures and the potential to become a target for hackers. This paper outlines three important steps that embedded automotive software teams can follow to identify critical coding errors and security vulnerabilities, and protect their software against failure and malicious attack.
Developing software for mission-critical applications such as military, aerospace, and medical devices requires aggressive strategies for reducing risk throughout the development lifecycle. This brief webinar looks at three crucial components of an effective risk management strategy that can be achieved with source code analysis, including stabilizing code early in development, automating metrics and measurement, and creating a disciplined approach to producing maintainable code.
In Motorola's continuous process improvement paradigm, the iDEN Mobile Devices software team implemented several processes and tools in 2005 - the combination of which has led to significant cost reductions and quality improvements. The Klocwork tool suite was a major contributor to achieving the quality and productivity results identified in this case study.
Companies that create smartphones, military systems, aerospace technology, medical devices, and communications software and equipment are all looking at source code analysis (SCA) as a way to reduce their costs while creating more secure and reliable code. Naturally, people want to know what payoff to expect from deploying SCA and how they can show ROI within their organization. This paper shows you how to build a business case for source code analysis and demonstrates a few different ways to calculate ROI for ... More
Embedded software development teams are striving to meet growing market demands while juggling increased software complexity across globally distributed teams. Nowhere are these challenges more amplified than in the medical device sector, where resources are limited, yet code complexity is growing at one of the fastest rates in the industry.
Klocwork's source code analysis tools combine on-the-fly analysis, drag & drop build reporting, and cross-project impact analysis to deliver serious productivity gains to the entire development process. Klocwork customers include the largest global companies and software development organizations right down to individual developers.
Automated source code analysis locates and describes areas of weakness in source code, such as security vulnerabilities, logic errors, concurrency violations, and more. While the technology has been around for decades, today's tools use a variety of technologies to achieve a whole program analysis that brings new levels of scalability and accuracy to the technology domain. This paper describes Klocwork's approach to achieving this goal, Klocwork Truepath™.
Tasked with building the embedded software component for a next-generation human prosthetic, the Johns Hopkins University Applied Physics Laboratory software team turned to Klocwork's source code analysis tools to help ensure the software's reliability and boost developer productivity.
Software coding defects increase the cost of development and support, tarnish a company's reputation, and limit revenue opportunities. This research report from the New Rowley Group discusses how investing in a defect detection and prevention solution enables companies to catch defects early, limit their financial impact, and institute a proactive approach to defect prevention.
A good vulnerability management program includes tools, manual techniques, a security defect classification system and, most importantly, the knowledge to remediate vulnerabilities quickly and accurately. Watch this on-demand webinar to learn how to effectively combine these components and build more secure software with each release. Watch the On-Demand Webinar
Sencore needed a static analysis tool to help catch software defects to ensure high-reliability video transmissions to its customers. Sencore used Klocwork Insight to analyze its software builds for memory leaks and critical issues that might compromise the quality of the video stream its solutions deliver.
Software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures is introducing significant complexity when it comes to identifying software issues - specifically concurrency errors and endian incompatibilities. This paper looks at the challenges of developing for multicore/multiprocessor environments, explains how Klocwork's tools can be used to address them, and provides two examples in prominent open source projects.
Dave West, Senior Analyst, Forrester Research, Inc., reviews the findings of a recent code review study and discusses why it’s time for software development organizations to exploit modern technology to improve the code review process. Learn about the key challenges of code review and recommendations on ways to improve the process right from the analyst himself.
The value of peer code review is undeniable. But despite this, it continues to be a much-maligned milestone in the software development cycle. Code reviews are difficult to implement consistently, the review is often left incomplete, and let’s be honest, developers generally don’t like doing them. In this paper, Klocwork provides specific recommendations on how organizations can implement a simple, effective code review process that takes advantage of the latest tools and technologies.
In this on-demand webinar hosted by Klocwork, learn where source code analysis can be used in your development process, the problems that it solves, and how the technology can be used to streamline a number of productivity bottlenecks in your development process.
For Canfield Scientific, which specializes in medical image capture systems and software for the medical and skin care industry, performing static analysis on its software helps the company catch potential software defects before they reach the customer. This case study looks at how Canfield uses Klocwork's on-the-fly analysis in Visual Studio to achieve measurable productivity and quality gains.
This exclusive study commissioned by Klocwork and conducted by Forrester Consulting provides valuable data and insights that will help you benchmark and improve your peer code review practices, including: top code review challenges; respondent's feedback on code review benefits, frequency, and technologies; and recommendations on modernizing code reviews.
Peer code reviews are a vital step in the software development cycle but everyone knows the challenges involved. Learn how a tools-based approach to peer code reviews can unleash the benefits of this important development milestone by incorporating social media concepts, enabling collaboration and communication amongst reviewers, and combining static analysis with code reviews.
Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical device software managers, learn how an effective verification process can help achieve FDA compliance and meet productivity goals.
Feeling that powerful analysis techniques are often overshadowed by testing and review when it comes to creating high quality software, representatives at Lawrence Livermore National Labs wrote this article which makes a compelling business case for the use of static analysis tools. The article contains results from two case studies where automated source code analysis tools were run on C++ code.
To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers are having to develop higher quaility code faster. As a result, Agile development is becoming more common. However, to fully realize the benefits of Agile, a repeatable process for ensuring code is free of defects and security vulnerabilities is critical. This paper examines how source code analysis can enhance the Agile development process and empower Agile teams.
During this web seminar you will see how easy it is to exploit security vulnerabilities caused by common software defects. Watch how a simple hack on an older version of FireFox enables a hacker to gain full access to a remote machine. More importantly, see how this same vulnerability could have been prevented through the use of static analysis.
Panda Security conducted a rigorous evaluation to determine the best source code analysis tool to integrate into its software test and quality process. After trying a number of tools, Panda Security selected Klocwork, which is now an important time saving component of the company’s comprehensive software regression test suite.
In order for Polycom’s telepresence, video and voice products to deliver a reliable and seamless "face to face" customer experience every time, they use Klocwork Insight to deliver more stable and reliable code. Read this case study to see how source code analysis helped Polycom improve developer productivity and customer satisfaction.
We're setting a new standard for static analysis tools with the launch of Klocwork Insight 9.5. This new release offers on-the-fly static analysis that instantly underlines defects as code is written; drag and drop reporting that answers complex questions about the security and reliability of your code; and on-the-fly impact analysis that checks if a reported issue exists in other code bases, branches or builds.
Given the complexity of today's airborne software systems, the use of automated tools can assist in the on-time and on-budget delivery of these projects. Automated source code analysis tools can help address key areas of the D0-178B guidance related to Software Verification and Software Lifecycle Data requirements. Learn how the defect and metrics analysis capabilities of Klocwork Insight can be used to automate time-consuming tasks and help you achieve key objectives of the D0-178B guidance.
The complexity of porting or developing for multicore or multiprocessor architectures can lead to increased project expenses and timelines. In this ready-to-watch webinar, learn about Klocwork's tools-oriented approach to overcoming these challenges which equips developers with a personal mentor to detail critical concurrency and endian incompatibility issues as they're introduced.
As a leading developer and manufacturer of Carrier Ethernet edge and aggregation equipment, Overture has a zero-tolerance policy for in-field failures. This case study looks at Overture's approach to evaluating competing source code analysis tools and discusses how they implemented Klocwork Insight to ensure potentially outage-causing defects don't make it into the field.
As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To achieve this and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development plans.This paper examines threat modeling and explains how it can be used in concert with defensive coding, automated source code analysis, peer code review, and penetration testing to both identify and ... More
In an Agile context where software production is performed in short, feature-driven iterations, it's critical that bugs are found and removed from code as early as possible. In this session, we examine the evolution of source code analysis technology and discuss why and how it should be deployed for maximum benefit within an Agile development process.
No one wants to be on the hot seat when a critical vulnerability is exploited in the field or when a coding mistake causes product recalls, brand damage, or revenue losses. Source code analysis helps developers and development teams avoid this exposure by performing the most rigorous form of automated code review possible. This paper discusses what issues can be found with source code analysis, why developers should use them, and why the technology should be apart of every development build chain.
To augment manual code testing, Spirent Communications introduced Klocwork Insight into its software development process, enabling the company to develop higher-quality software, reduce errors in the field and maintain its reputation as a leader in the network and communications technology industry.
Automating key steps in the development lifecycle - including defect detection, builds and deployments - offers important productivity benefits for development organizations. The ability to immediately assess the impact of changes, generate continuous feedback on product stability, and reduce the effort associated with fixing issues found late in the cycle allows development teams to focus on creating higher quality products in less time. Learn more in this webinar hosted by Klocwork and Urbancode.
Offering network solutions to integrate sensors and communications for government and defense customers, Raytheon Network Centric Systems had two challenges: frequent use of legacy code and the unavailability of the original developers meant new developers had to come up to speed quickly; and the need to run 'what if' scenarios.
As a market-leading provider of healthcare technology, Schiller has deployed Klocwork tools, including the Connected Desktop, to help the company meet its MISRA standards, speed up testing, and achieve higher quality.
To ensure your embedded software is secure, you must start by understanding the threats that can make it susceptible to attack and then establish appropriate counter measures. Designed for embedded software engineers and security specialists, this webinar identifies the characteristics of embedded software that make it vulnerable to security threats, discusses the importance of threat modeling, and provides specific mitigation activities all embedded teams should employ.
The driving objective of the Laboratory for Atmospheric and Space Physics (LASP) at the University of Colorado is research in atmospheric science, space physics, solar influences, and planetary science, supported by the technological contributions of its engineering and mission operations divisions. To better ensure the reliability of key data processing software, LASP introduced Klocwork Insight into several projects.
As the market-leading manufacturer of DSL devices in Germany, the software development cycle of AVM is focused on meeting the demand for a high-quality, reliable and secure online experience. Faced with the challenge of writing software that can be adapted to support the various functions of their product line, AVM needed an advanced static analysis tool capable of thorough and diverse code testing. Learn how AVM deployed Klocwork's tools to improve code quality and cut development time.
Iskratel's 400+ developers write complex software to drive advanced communications technologies. These applications are between 1-1.5 million lines of code, written in C, SDL, Java and C++. To identify the best testing solution to eliminate bugs early in the development lifecycle, Iskratel conducted a head-to-head competitive evaluation of three products, and selected Klocwork's source code analysis tools. Learn how Iskratel uses automated source code analysis to effectively optimize software quality.
BMC Software, a leading global provider of enterprise management solutions, turned to Klocwork to help them address quality and security concerns within their Action Request product line. With robust Quality Assurance practices already in place, BMC was looking for a solution that would enable its developers to find issues in their product early in the development process. BMC performed a rigorous evaluation of the two leading vendors in this space which ultimately lead to the selection of Klocwork.
As a provider of payment software for banks and merchants worldwide, ACI Worldwide puts a great deal of emphasis on code quality and security. Given the nature of their business and need for PCI compliance, ensuring their source code is intruder resistant and free from defects is paramount. Gain insight from their first-hand experience qualifying, selecting and deploying a source code analysis solution and learn why they selected Klocwork.