Klocwork product documentation is available here.
As our reliability on software grows each day, it becomes imperative that we implement software in the most secure manner possible. In this white paper we'll explore the risk of injection attacks, how to prevent these ... More
The value of peer code review is undeniable. But despite this, it continues to be a much-maligned milestone in the software development cycle. Code reviews are difficult to implement consistently, the review is often ... More
As embedded systems evolve and become increasingly interconnected, the risk to the security and functionality of these systems increases. In this white paper, we'll discuss guidelines that software teams should follow to help protect critical M2M systems from malicious attack and prevent failure.
Static code analysis (SCA) has been around for a long time and is proven to reduce the costs associated with software defects by finding bugs earlier in the software development lifecycle. In this white paper, we identify new ways in which SCA finds defects even earlier and integrates better into developer workflows, increasing the value that static analysis brings to your software.
Static code analysis has many benefits - faster project execution, better source code at check-in, less costly development cycles - but there are some misconceptions about how it can impact developers. In this white paper we'll outline some of the myths surrounding SCA and explain the true value static analysis can bring to your software.
Klocwork Insight analyzes how Android code is meant to operate by building a knowledge base of every function call in the platform. This analysis provides an understanding of both the Java and C/C++ code that Android developers require. The analysis is performed on a server or the developer’s desktop, and has built-in diagnostics and Android-specific checkers. The result is secure code, fewer errors and faster project completion.
As our reliability on software grows each day, it becomes imperative that we implement software in the most secure manner possible. In this white paper we'll explore the risk of injection attacks, how to prevent these vulnerabilities in your software and how Static Code Analysis, or SCA can help.
Automated source code analysis locates and describes areas of weakness in source code, such as security vulnerabilities, logic errors, concurrency violations, and more. While the technology has been around for decades, today's tools use a variety of technologies to achieve a whole program analysis that brings new levels of scalability and accuracy to the technology domain. This paper describes Klocwork's approach to achieving this goal.
Software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures is introducing significant complexity when it comes to identifying software issues - specifically concurrency errors and endian incompatibilities. This paper looks at the challenges of developing for multicore/multiprocessor environments, explains how Klocwork's tools can be used to address them, and provides two examples in prominent open source projects.
Companies that create smartphones, military systems, aerospace technology, medical devices, and communications software and equipment are all looking at source code analysis (SCA) as a way to reduce their costs while creating more secure and reliable code. Naturally, people want to know what payoff to expect from deploying SCA and how they can show ROI within their organization. This paper shows you how to build a business case for source code analysis and demonstrates a few different ways to calculate ROI for ... More
The value of peer code review is undeniable. But despite this, it continues to be a much-maligned milestone in the software development cycle. Code reviews are difficult to implement consistently, the review is often left incomplete, and let’s be honest, developers generally don’t like doing them. In this paper, Klocwork provides specific recommendations on how organizations can implement a simple, effective code review process that takes advantage of the latest tools and technologies.
Millions of lines of software code are driving the latest innovations in today's vehicles. However, with software-driven innovation comes the reality of coding defects, failures and the potential to become a target for hackers. This paper outlines three important steps that embedded automotive software teams can follow to identify critical coding errors and security vulnerabilities, and protect their software against failure and malicious attack.
Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical device software managers, learn how an effective verification process can help achieve FDA compliance and meet productivity goals.
To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers are having to develop higher quality code faster. As a result, Agile development is becoming more common. However, to fully realize the benefits of Agile, a repeatable process for ensuring code is free of defects and security vulnerabilities is critical. This paper examines how source code analysis can enhance the Agile development process and empower Agile teams.
Given the complexity of today's airborne software systems, the use of automated tools can assist in the on-time and on-budget delivery of these projects. Automated source code analysis tools can help address key areas of the DO-178B guidance related to Software Verification and Software Lifecycle Data requirements. Learn how the defect and metrics analysis capabilities of Klocwork Insight can be used to automate time-consuming tasks and help you achieve key objectives of the DO-178B guidance.
As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To achieve this and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development plans. This paper examines threat modeling and explains how it can be used in concert with defensive coding, automated source code analysis, peer code review, and penetration testing to both identify ... More
No one wants to be on the hot seat when a critical vulnerability is exploited in the field or when a coding mistake causes product recalls, brand damage, or revenue losses. Source code analysis helps developers and development teams avoid this exposure by performing the most rigorous form of automated code review possible. This paper discusses what issues can be found with source code analysis, why developers should use them, and why the technology should be apart of every development build chain.