Klocwork product documentation is available here.
Based on Klocwork's introduction of the first on-the-fly source code analysis tool and their contribution to improving the state of software security and QA, Klocwork was named to the 2012 SD Times 100. Learn more about the company's recent accomplishments in this SD Times profile.
The increase in the volume and complexity of software code in recent years is indisputable. Unfortunately, the larger, more complex software projects of today inevitably result in higher volumes of security vulnerabilities and defects within these code bases, exposing potential for security breaches or system failures. In this webcast, VDC will share results from its latest research and discuss: trends affecting embedded software development; leading challenges driving code security and complexity issues ...
Klocwork Insight analyzes how Android code is meant to operate by building a knowledge base of every function call in the platform. This analysis provides an understanding of both the Java and C/C++ code that Android developers require. The analysis is performed on a server or the developer’s desktop, and has built-in diagnostics and Android-specific checkers. The result is secure code, fewer errors and faster project completion.
As our reliance on software grows each day, it becomes imperative that we implement software in the most secure manner possible. In this white paper we'll explore the risk of injection attacks, how to prevent these vulnerabilities in your software and how Static Code Analysis, or SCA, can help.
With the types of security attacks, what they're targeting, and where they're coming from continuing to grow, the problem of software security can seem overwhelming. But with an alarming number of security vulnerabilities starting within the software code itself, writing clean code becomes an important weapon in your defense against security attacks. This article solicits input from industry experts on the reality of software security, the common security mistakes being made, and how to avoid them. Reprinted with ...
You already know that static code analysis (SCA) reduces the cost of finding and fixing defects, but did you know that only one tool allows you to do it as you type and from within your environment? This backgrounder explains how Klocwork Insight leads the next generation of SCA tools with features that bring results into developers' hands and help the entire team to collaborate in reducing security and reliability defects.
Software security breaches can happen in many places, including at the source code level. Opportunities for vulnerable code breaches are often created innocently enough, sometimes because we don't know what to look for. In this one-hour webinar designed for software engineers, you'll learn how to: recognize a potential data breach in web, desktop and mobile applications; quickly assess the impact of identified breaches; identify potential application security problems in your code; use automated tools like ...
As embedded systems evolve and become increasingly interconnected, the risk to the security and functionality of these systems increases. In this white paper, we'll discuss guidelines that software teams should follow to help protect critical M2M systems from malicious attack and prevent failure.
Structure101 is an architecture development environment (ADE) that has helped thousands of teams organize the files in their codebase into a modular hierarchy with low and controlled coupling. Maintaining a well-understood and enforced architecture lets developers add new features for a fraction of the time, defects and cost.
With new aircraft now being highly software dependent – software verification and integrity is becoming ever more vital. Tim Robinson speaks to one company who are experts in squashing these software bugs in mission-critical code.
Static code analysis (SCA) has been around for a long time and is proven to reduce the costs associated with software defects by finding bugs earlier in the software development lifecycle. In this white paper, we identify new ways in which SCA finds defects even earlier and integrates better into developer workflows, increasing the value that static analysis brings to your software.
Migrating embedded software to Intel® architecture always requires an evaluation of code compatibility and dependencies between the existing code base and the Intel platform. Particularly in cases where the code base is a large, complex, legacy system - or a system hardcoded for big-endian memory - it is critical to understand the scope and eliminate the risk of the migration. This article on page 138 of the Intel Technology Journal describes how C/C++ source code analysis can help with architecture ...
ABB has operations spread across five divisions around the world, leading the industry in power generation and automation technologies. Ensuring each group had a consistent approach to software security and reliability was challenging and, in 2008, ABB undertook a global review of all software tools used within the company. Read this case study to learn how the company's Software Development Improvement Program ultimately standardized on Klocwork Insight as the best fit for their diverse requirements.
Static code analysis has many benefits - faster project execution, better source code at check-in, less costly development cycles - but there are some misconceptions about how it can impact developers. In this white paper we'll outline some of the myths surrounding SCA and explain the true value static analysis can bring to your software.
Embedded software is a ubiquitous presence onboard aircraft today. Just as software has become a key element in everything from consumer vehicles to household appliances, it is also critical to aircraft control. Beyond mission-critical avionics systems, software is also increasingly present in commercial aircraft galley equipment, passenger onboard entertainment systems and, more recently, wi-fi networks for passengers.
Automated source code analysis locates and describes areas of weakness in source code, such as security vulnerabilities, logic errors, concurrency violations, and more. While the technology has been around for decades, today's tools use a variety of technologies to achieve a whole program analysis that brings new levels of scalability and accuracy to the technology domain. This paper describes Klocwork's approach to achieving this goal.
Powered by a comprehensive static analysis engine, Klocwork Insight combines on-the-fly analysis, drag & drop build reporting, and cross-project impact analysis to deliver serious productivity gains to the entire development process. Software teams around the world trust Klocwork Insight to help them develop the most secure and reliable code possible.
As a manufacturer of medical electronics, meeting the FDA's rigorous safety and quality standards is crucial to Stockert. With the safety of their devices depending significantly on the quality of software they develop, Stockert invested in Klocwork's source code analysis tools. Learn how their static analysis deployment has helped Stockert achieve FDA certifications, gain more trust in their code quality, and increase development efficiency.
This exclusive report, using data from VDC Research's 2010 Embedded Engineering Survey, highlights the new realities of developing software for multicore and multiprocessor architectures. Get the report and learn how growth in these advanced platforms is introducing a new set of challenges for embedded software engineering teams, impacting project schedules, and causing cost overruns.
What separates Klocwork Insight from other source code analysis tools is that we seamlessly integrate into your personal workflow, on your desktop. We don't change the way you work - we complement the way you work. We don't make you wait until after a build is run to show you potential security vulnerabilities or reliability issues - we show you "on-the-fly" as you are typing. See our source code analysis, code review, code architecture, build reporting, code refactoring and application security benefits in ...
The use of static analysis plays an important role in ensuring the security of source code during the software development cycle. But there are a lot of myths about what static analysis tools can and can't do, including: "It throws too many false positives"; "Results are hard to understand"; "It's not part of my existing workflow". Watch this short webinar where we'll dispel these myths (and others) and show you how using static analysis can help you develop the most secure code possible.
Software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures are introducing significant complexity when it comes to identifying software issues - specifically concurrency errors and endian incompatibilities. This paper looks at the challenges of developing for multicore/multiprocessor environments, explains how Klocwork's tools can be used to address them, and provides two examples in prominent open source projects.
In Motorola's continuous process improvement paradigm, the iDEN Mobile Devices software team implemented several processes and tools in 2005 - the combination of which has led to significant cost reductions and quality improvements. The Klocwork tool suite was a major contributor to achieving the quality and productivity results identified in this case study.
Don't wait for emails from a central team auditing your code to notify you of security vulnerabilities or reliability issues. With Klocwork Insight, you have the control to fix those before you check your code in. Coupled with mitigation guidance from the best in the business, Klocwork Insight helps you write the right code, at the right time, so you can commit with confidence. Watch Klocwork Insight source code analysis in action with this three-minute overview video.
Machine-to-Machine (M2M) communication offers enormous potential to expand the capabilities of devices, including remote wireless management and updates. However, there are profound security implications as the software running therein must be completely fault-tolerant and hardened from attack. Join this webinar to learn about: common attacks, threats and security considerations for embedded software; using static analysis to find and fix security vulnerabilities; application whitelisting – preventing ...
Klocwork Cahoots is a flexible and easy-to-use code review tool that simplifies the review process. Designed for development teams of all sizes, Cahoots fits into the developer workflow to ensure code reviews are both effective and fast.
Embedded software development teams are striving to meet growing market demands while juggling increased software complexity across globally distributed teams. Nowhere are these challenges more amplified than in the medical device sector, where resources are limited, yet code complexity is growing at one of the fastest rates in the industry.
A good vulnerability management program includes tools, manual techniques, a security defect classification system and, most importantly, the knowledge to remediate vulnerabilities quickly and accurately. Watch this on-demand webinar to learn how to effectively combine these components and build more secure software with each release.
Companies that create smartphones, military systems, aerospace technology, medical devices, and communications software and equipment are all looking at source code analysis (SCA) as a way to reduce their costs while creating more secure and reliable code. Naturally, people want to know what payoff to expect from deploying SCA and how they can show ROI within their organization. This paper shows you how to build a business case for source code analysis and demonstrates a few different ways to calculate ROI for ...
Tasked with building the embedded software component for a next-generation human prosthetic, the Johns Hopkins University Applied Physics Laboratory software team turned to Klocwork's source code analysis tools to help ensure the software's reliability and boost developer productivity.
Software coding defects increase the cost of development and support, tarnish a company's reputation, and limit revenue opportunities. This research report from the New Rowley Group discusses how investing in a defect detection and prevention solution enables companies to catch defects early, limit their financial impact, and institute a proactive approach to defect prevention.
Klocwork Insight is becoming the tool of choice for software developers at automotive suppliers and manufacturers worldwide. Our source code analysis and review tools help deliver C/C++, Java and C# code that is the most secure and reliable possible.
Klocwork Refactoring helps you simplify the time-consuming task of code maintenance for C/C++. In this video, see how to use Klocwork Insight to analyze and optimize your header include directives.
Dave West, Senior Analyst, Forrester Research, Inc., reviews the findings of a recent code review study and discusses why it’s time for software development organizations to exploit modern technology to improve the code review process. Learn about the key challenges of code review and recommendations on ways to improve the process right from the analyst himself.
This exclusive study commissioned by Klocwork and conducted by Forrester Consulting provides valuable data and insights that will help you benchmark and improve your peer code review practices, including: top code review challenges; respondents' feedback on code review benefits, frequency, and technologies; and recommendations on modernizing code reviews.
Sencore needed a static analysis tool to help catch software defects to ensure high-reliability video transmissions to its customers. Sencore used Klocwork Insight to analyze its software builds for memory leaks and critical issues that might compromise the quality of the video stream its solutions deliver.
The value of peer code review is undeniable. But despite this, it continues to be a much-maligned milestone in the software development cycle. Code reviews are difficult to implement consistently, the review is often left incomplete, and let’s be honest, developers generally don’t like doing them. In this paper, Klocwork provides specific recommendations on how organizations can implement a simple, effective code review process that takes advantage of the latest tools and technologies.
Klocwork refactoring simplifies the task of maintaining your C/C++ code within Visual Studio or Eclipse. Built-in C/C++ 11 refactoring provides a consistent refactoring discipline that helps you improve your code structure. It enables you to automatically abstract code into re-usable and understandable segments, ensures things are expressed as few times as possible, saves time on future code modifications and more. Automatically clean up your code within your IDE and make it easier to understand. Watch Klocwork ...
What makes Klocwork Cahoots code review so great and sets us apart from other code review tools? Hear what our development and product management teams have to say in this three-minute video.
In this on-demand webinar hosted by Klocwork, learn where source code analysis can be used in your development process, the problems that it solves, and how the technology can be used to streamline a number of productivity bottlenecks in your development process.
For Canfield Scientific, which specializes in medical image capture systems and software for the medical and skin care industry, performing static analysis on its software helps the company catch potential software defects before they reach the customer. This case study looks at how Canfield uses Klocwork's on-the-fly analysis in Visual Studio to achieve measurable productivity and quality gains.
Millions of lines of software code are driving the latest innovations in today's vehicles. However, with software-driven innovation comes the reality of coding defects, failures and the potential to become a target for hackers. This paper outlines three important steps that embedded automotive software teams can follow to identify critical coding errors and security vulnerabilities, and protect their software against failure and malicious attack.
Feeling that powerful analysis techniques are often overshadowed by testing and review when it comes to creating high quality software, representatives at Lawrence Livermore National Labs wrote this article which makes a compelling business case for the use of static analysis tools. The article contains results from two case studies where automated source code analysis tools were run on C++ code.
See how to participate in code reviews with Klocwork Cahoots. Discover how, in just a couple clicks, you can view diff and history files, create comments and actions, and approve or reject a review in this four-minute overview video.
Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical device software managers, learn how an effective verification process can help achieve FDA compliance and meet productivity goals.
Panda Security conducted a rigorous evaluation to determine the best source code analysis tool to integrate into its software test and quality process. After trying a number of tools, Panda Security selected Klocwork, which is now an important time-saving component of the company’s comprehensive software regression test suite.
To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers are having to develop higher quality code faster. As a result, Agile development is becoming more common. However, to fully realize the benefits of Agile, a repeatable process for ensuring code is free of defects and security vulnerabilities is critical. This paper examines how source code analysis can enhance the Agile development process and empower Agile teams.
During this web seminar you will see how easy it is to exploit security vulnerabilities caused by common software defects. Watch how a simple hack on an older version of Firefox enables a hacker to gain full access to a remote machine. More importantly, see how this same vulnerability could have been prevented through the use of static analysis.
See how easy it is to create pre-checkin reviews, sort reviews, identify reviewers and link to comments and actions in this three-minute overview video.
In order for Polycom’s telepresence, video and voice products to deliver a reliable and seamless "face to face" customer experience every time, they use Klocwork Insight to deliver more stable and reliable code. Read this case study to see how source code analysis helped Polycom improve developer productivity and customer satisfaction.
See how code reviews work from the command line in Klocwork Cahoots. Discover how to set up a pre-checkin review, add tags for sorting reviews, verify files before posting and more in this three-minute demonstration video.
The complexity of porting or developing for multicore or multiprocessor architectures can lead to increased project expenses and timelines. In this ready-to-watch webinar, learn about Klocwork's tools-oriented approach to overcoming these challenges which equips developers with a personal mentor to detail critical concurrency and endian incompatibility issues as they're introduced.
Given the complexity of today's airborne software systems, the use of automated tools can assist in the on-time and on-budget delivery of these projects. Automated source code analysis tools can help address key areas of the DO-178B guidance related to Software Verification and Software Lifecycle Data requirements. Learn how the defect and metrics analysis capabilities of Klocwork Insight can be used to automate time-consuming tasks and help you achieve key objectives of the DO-178B guidance.
In an Agile context where software production is performed in short, feature-driven iterations, it's critical that bugs are found and removed from code as early as possible. In this session, we examine the evolution of source code analysis technology and discuss why and how it should be deployed for maximum benefit within an Agile development process.
As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To achieve this and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development plans. This paper examines threat modeling and explains how it can be used in concert with defensive coding, automated source code analysis, peer code review, and penetration testing to both identify ...
As a leading developer and manufacturer of Carrier Ethernet edge and aggregation equipment, Overture has a zero-tolerance policy for in-field failures. This case study looks at Overture's approach to evaluating competing source code analysis tools and discusses how they implemented Klocwork Insight to ensure potentially outage-causing defects don't make it into the field.
Klocwork Checker Studio allows development teams to create their own static analysis checkers to extend and customize the defect detection capabilities of Klocwork Insight. See how it works in this video.
No one wants to be on the hot seat when a critical vulnerability is exploited in the field or when a coding mistake causes product recalls, brand damage, or revenue losses. Source code analysis helps developers and development teams avoid this exposure by performing the most rigorous form of automated code review possible. This paper discusses what issues can be found with source code analysis, why developers should use it, and why the technology should be a part of every development build chain.
Automating key steps in the development lifecycle - including defect detection, builds and deployments - offers important productivity benefits for development organizations. The ability to immediately assess the impact of changes, generate continuous feedback on product stability, and reduce the effort associated with fixing issues found late in the cycle allows development teams to focus on creating higher quality products in less time. Learn more in this webinar hosted by Klocwork and Urbancode.
Extracting methods or functions from large and unwieldy methods allows you to create smaller, more logical functions, and inlining a function or method allows you to remove the overhead of an overly segmented source layout. See how it’s done with Klocwork Refactoring.
To augment manual code testing, Spirent Communications introduced Klocwork Insight into its software development process, enabling the company to develop higher-quality software, reduce errors in the field and maintain its reputation as a leader in the network and communications technology industry.
Klocwork Insight helps developers find and fix defects and security vulnerabilities in their source code. In addition to being available as a plug-in to IDEs including Eclipse and Visual Studio, Klocwork Insight is also available for developers using the command line.
Offering network solutions to integrate sensors and communications for government and defense customers, Raytheon Network Centric Systems had two challenges: frequent use of legacy code and the unavailability of the original developers meant new developers had to come up to speed quickly; and the need to run 'what if' scenarios.
To ensure your embedded software is secure, you must start by understanding the threats that can make it susceptible to attack and then establish appropriate countermeasures. Designed for embedded software engineers and security specialists, this webinar identifies the characteristics of embedded software that make it vulnerable to security threats, discusses the importance of threat modeling, and provides specific mitigation activities all embedded teams should employ.
Developing software for mission-critical applications such as military, aerospace, and medical devices requires aggressive strategies for reducing risk throughout the development lifecycle. This brief webinar looks at three crucial components of an effective risk management strategy that can be achieved with source code analysis, including stabilizing code early in development, automating metrics and measurement, and creating a disciplined approach to producing maintainable code.
This video looks at how Klocwork Insight can help migrate your code to Intel architecture, addressing issues like complex code bases and hardcoded endian memory.
As a market-leading provider of healthcare technology, Schiller has deployed Klocwork tools, including the Connected Desktop, to help the company meet its MISRA standards, speed up testing, and achieve higher quality.
The driving objective of the Laboratory for Atmospheric and Space Physics (LASP) at the University of Colorado is research in atmospheric science, space physics, solar influences, and planetary science, supported by the technological contributions of its engineering and mission operations divisions. To better ensure the reliability of key data processing software, LASP introduced Klocwork Insight into several projects.
You need answers to complex questions about the security, reliability and maintainability of your entire code base. Klocwork Insight provides detailed information through customizable dashboards. Code metrics can be organized by multiple criteria including team, geography, components and other attributes. Klocwork Insight's "drag and drop" feature makes it easy to get the data you need in the format you want, quickly. For example, on-the-fly build reporting and impact analysis mean developers immediately know ...
As the market-leading manufacturer of DSL devices in Germany, the software development cycle of AVM is focused on meeting the demand for a high-quality, reliable and secure online experience. Faced with the challenge of writing software that can be adapted to support the various functions of their product line, AVM needed an advanced static analysis tool capable of thorough and diverse code testing. Learn how AVM deployed Klocwork's tools to improve code quality and cut development time.
Looking for a lightning-quick overview of what makes Klocwork Cahoots code review so great? Look no further than our two-minute overview video.
Finding and fixing defects at the desktop - as code is being written - is the most cost-effective and efficient way to ensure bug-free software. See how Klocwork Insight works with Eclipse in this short video.
Iskratel's 400+ developers write complex software to drive advanced communications technologies. These applications are between 1 and 1.5 million lines of code, written in C, SDL, Java and C++. To identify the best testing solution to eliminate bugs early in the development lifecycle, Iskratel conducted a head-to-head competitive evaluation of three products, and selected Klocwork's source code analysis tools. Learn how Iskratel uses automated source code analysis to effectively optimize software quality.
BMC Software, a leading global provider of enterprise management solutions, turned to Klocwork to help them address quality and security concerns within their Action Request product line. With robust Quality Assurance practices already in place, BMC was looking for a solution that would enable its developers to find issues in their product early in the development process. BMC performed a rigorous evaluation of the two leading vendors in this space which ultimately led to the selection of Klocwork.
As a provider of payment software for banks and merchants worldwide, ACI Worldwide puts a great deal of emphasis on code quality and security. Given the nature of their business and need for PCI compliance, ensuring their source code is intruder resistant and free from defects is paramount. Gain insight from their first-hand experience qualifying, selecting and deploying a source code analysis solution and learn why they selected Klocwork.