Klocwork product documentation is available here.
This exclusive report, using data from VDC Research's 2010 Embedded Engineering Survey, highlights the new realities of developing software for multicore and multiprocessor architectures. Get the report and learn how ... More
To ensure your embedded software is secure, you must start by understanding the threats that can make it susceptible to attack and then establish appropriate counter measures. Designed for embedded software engineers ... More
Millions of lines of software code are driving the latest innovations in today's vehicles. However, with software-driven innovation comes the reality of coding defects, failures and the potential to become a target for hackers. This paper outlines three important steps that embedded automotive software teams can follow to identify critical coding errors and security vulnerabilities, and protect their software against failure and malicious attack.
Companies that create smartphones, military systems, aerospace technology, medical devices, and communications software and equipment are all looking at source code analysis (SCA) as a way to reduce their costs while creating more secure and reliable code. Naturally, people want to know what payoff to expect from deploying SCA and how they can show ROI within their organization. This paper shows you how to build a business case for source code analysis and demonstrates a few different ways to calculate ROI for ... More
Automated source code analysis locates and describes areas of weakness in source code, such as security vulnerabilities, logic errors, concurrency violations, and more. While the technology has been around for decades, today's tools use a variety of technologies to achieve a whole program analysis that brings new levels of scalability and accuracy to the technology domain. This paper describes Klocwork's approach to achieving this goal, Klocwork Truepath™.
Software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures is introducing significant complexity when it comes to identifying software issues - specifically concurrency errors and endian incompatibilities. This paper looks at the challenges of developing for multicore/multiprocessor environments, explains how Klocwork's tools can be used to address them, and provides two examples in prominent open source projects.
The value of peer code review is undeniable. But despite this, it continues to be a much-maligned milestone in the software development cycle. Code reviews are difficult to implement consistently, the review is often left incomplete, and let’s be honest, developers generally don’t like doing them. In this paper, Klocwork provides specific recommendations on how organizations can implement a simple, effective code review process that takes advantage of the latest tools and technologies.
Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical device software managers, learn how an effective verification process can help achieve FDA compliance and meet productivity goals.
To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers are having to develop higher quaility code faster. As a result, Agile development is becoming more common. However, to fully realize the benefits of Agile, a repeatable process for ensuring code is free of defects and security vulnerabilities is critical. This paper examines how source code analysis can enhance the Agile development process and empower Agile teams.
Given the complexity of today's airborne software systems, the use of automated tools can assist in the on-time and on-budget delivery of these projects. Automated source code analysis tools can help address key areas of the D0-178B guidance related to Software Verification and Software Lifecycle Data requirements. Learn how the defect and metrics analysis capabilities of Klocwork Insight can be used to automate time-consuming tasks and help you achieve key objectives of the D0-178B guidance.
As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To achieve this and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development plans.This paper examines threat modeling and explains how it can be used in concert with defensive coding, automated source code analysis, peer code review, and penetration testing to both identify and ... More
No one wants to be on the hot seat when a critical vulnerability is exploited in the field or when a coding mistake causes product recalls, brand damage, or revenue losses. Source code analysis helps developers and development teams avoid this exposure by performing the most rigorous form of automated code review possible. This paper discusses what issues can be found with source code analysis, why developers should use them, and why the technology should be apart of every development build chain.