Resources

Klocwork product documentation is available here.

White Paper

White Paper

Klocwork Insight analyzes how Android code is meant to operate by building a knowledge base of every function call in the platform. This analysis provides an understanding of both the Java and C/C++ code that Android developers require. The analysis is performed on a server or the developer’s desktop, and has built-in diagnostics and Android-specific checkers. The result is secure code, fewer errors and faster project completion.

TAGS: MOBILE, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

As our reliability on software grows each day, it becomes imperative that we implement software in the most secure manner possible. In this white paper we'll explore the risk of injection attacks, how to prevent these vulnerabilities in your software and how Static Code Analysis, or SCA can help.

TAGS: SOFTWARE SECURITY, SOFTWARE VERIFICATION, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

Vehicles are increasingly connected to each other and the devices around them, creating unique safety, security, and quality challenges for embedded software systems. Development teams must do a lot more than just catch code defects during verification and validation. This paper explains three strategies to go beyond simple error detection to ensure safety, security, and compliance requirements are met.

TAGS: AUTOMOTIVE, CODING STANDARDS, EMBEDDED PROGRAMMING, MISRA, SOFTWARE SECURITY, SOFTWARE VERIFICATION, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

As embedded systems evolve and become increasingly interconnected, the risk to the security and functionality of these systems increases. In this white paper, we'll discuss guidelines that software teams should follow to help protect critical M2M systems from malicious attack and prevent failure.

TAGS: EMBEDDED PROGRAMMING, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

Static code analysis (SCA) has been around for a long time and is proven to reduce the costs associated with software defects by finding bugs earlier in the software development lifecycle. In this white paper, we identify new ways in which SCA finds defects even earlier and integrates better into developer workflows, increasing the value that static analysis brings to your software.

TAGS: SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

Static code analysis has many benefits - faster project execution, better source code at check-in, less costly development cycles - but there are some misconceptions about how it can impact developers. In this white paper we'll outline some of the myths surrounding SCA and explain the true value static analysis can bring to your software.

TAGS: SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

Automated source code analysis locates and describes areas of weakness in source code, such as security vulnerabilities, logic errors, concurrency violations, and more. While the technology has been around for decades, today's tools use a variety of technologies to achieve a whole program analysis that brings new levels of scalability and accuracy to the technology domain. This paper describes Klocwork's approach to achieving this goal.

TAGS: DEFECT DETECTION, SOFTWARE QUALITY, SOFTWARE SECURITY, STATIC ANALYSIS

White Paper

White Paper

Software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures is introducing significant complexity when it comes to identifying software issues - specifically concurrency errors and endian incompatibilities. This paper looks at the challenges of developing for multicore/multiprocessor environments, explains how Klocwork's tools can be used to address them, and provides two examples in prominent open source projects.

TAGS: CONCURRENCY ANALYSIS, DEADLOCK, ENDIAN, LIVELOCK, MULTICORE, SOURCE CODE ANALYSIS

White Paper

White Paper

Companies that create smartphones, military systems, aerospace technology, medical devices, and communications software and equipment are all looking at source code analysis (SCA) as a way to reduce their costs while creating more secure and reliable code. Naturally, people want to know what payoff to expect from deploying SCA and how they can show ROI within their organization. This paper shows you how to build a business case for source code analysis and demonstrates a few different ways to calculate ROI for ... More

TAGS: BUG IDENTIFICATION, DEFECT DETECTION, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

The value of peer code review is undeniable. But despite this, it continues to be a much-maligned milestone in the software development cycle. Code reviews are difficult to implement consistently, the review is often left incomplete, and let’s be honest, developers generally don’t like doing them. In this paper, Klocwork provides specific recommendations on how organizations can implement a simple, effective code review process that takes advantage of the latest tools and technologies.

TAGS: CODE REVIEW, SOFTWARE QUALITY, SOFTWARE SECURITY, SOURCE CODE ANALYSIS

White Paper

White Paper

Millions of lines of software code are driving the latest innovations in today's vehicles. However, with software-driven innovation comes the reality of coding defects, safety failures, and the potential to become a target for hackers. This paper outlines three important steps that embedded automotive software teams can follow to identify critical coding errors, functional safety issues, and protect their software against malicious attack.

TAGS: AUTOMOTIVE, CODING STANDARDS, MISRA, SOFTWARE SECURITY, SOFTWARE VERIFICATION, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

Producing high-quality, feature-rich software while meeting regulatory guidelines presents a unique set of challenges for those developing medical device software. In this paper for medical device software managers, learn how an effective verification process can help achieve FDA compliance and meet productivity goals.

TAGS: DEVELOPER PRODUCTIVITY, MEDICAL DEVICES, SOFTWARE VERIFICATION, STATIC ANALYSIS

White Paper

White Paper

To keep pace with ever-increasing customer demands on software functionality and time-to-market expectations, software developers are having to develop higher quality code faster. As a result, Agile development is becoming more common. However, to fully realize the benefits of Agile, a repeatable process for ensuring code is free of defects and security vulnerabilities is critical. This paper examines how source code analysis can enhance the Agile development process and empower Agile teams.

TAGS: AGILE DEVELOPMENT, DEFECT DETECTION, SOFTWARE SECURITY, SOURCE CODE ANALYSIS

White Paper

White Paper

Given the complexity of today's airborne software systems, the use of automated tools can assist in the on-time and on-budget delivery of these projects. Automated source code analysis tools can help address key areas of the DO-178B guidance related to Software Verification and Software Lifecycle Data requirements. Learn how the defect and metrics analysis capabilities of Klocwork Insight can be used to automate time-consuming tasks and help you achieve key objectives of the DO-178B guidance.

TAGS: AVIONICS, DEFECT DETECTION, DO-178B, INSIGHT, SOFTWARE METRICS

White Paper

White Paper

As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To achieve this and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development plans. This paper examines threat modeling and explains how it can be used in concert with defensive coding, automated source code analysis, peer code review, and penetration testing to both identify ... More

TAGS: EMBEDDED PROGRAMMING, SOFTWARE SECURITY, SOURCE CODE ANALYSIS, STATIC ANALYSIS

White Paper

White Paper

No one wants to be on the hot seat when a critical vulnerability is exploited in the field or when a coding mistake causes product recalls, brand damage, or revenue losses. Source code analysis helps developers and development teams avoid this exposure by performing the most rigorous form of automated code review possible. This paper discusses what issues can be found with source code analysis, why developers should use them, and why the technology should be apart of every development build chain.

TAGS: SOFTWARE QUALITY, SOFTWARE SECURITY, SOFTWARE VERIFICATION, SOURCE CODE ANALYSIS