- info@klocwork.com
- 1.866.556.2967
- Contact Us
- Blog
- Support
Regardless of the industry you're in or the type of software you're developing, you've most likely been mandated to comply with one or more coding standards to ensure the security and reliability of your software. With Klocwork's static analysis tools, coding standard violations are detected out-of-the-box and are automatically reported at the developer desktop, integration build and through our peer code review tool, Klocwork Inspect.
Security Standards
Klocwork is about helping developers write secure code. That's why our analysis has been tuned to detect security vulnerabilities specifically identified by the leading authorities on secure coding best practices. We offer the most comprehensive coverage for MISRA standards as well as other secure coding initiatives including CWE, CERT, SAMATE, DISA STIG and OWASP.
Industry Standards
As the go-to static analysis vendor in the embedded space, Klocwork's tools play an important role in achieving compliance with the following industry standards:
- FDA Software Validation: Klocwork Insight addresses key validation requirements as they relate to the software coding phase outlined in the FDA's General Principles of Software Validation.
- DO-178B Certification: Helping developers of airborne systems obtain FAA approval of their software, our tools can assist with addressing Software Verification and Software Lifecycle Data objectives outlined by the DO-178B guidance.
- ISO 26262 Compliance: Klocwork's technology can help support the ISO 26262 compliance goals of automotive OEMs and their suppliers as they relate to product development at the software level.
General Coding Standards
In addition to support for formal, published standards, Klocwork Insight provides out-of-the-box support for general coding practices recommended by regulatory bodies, industry consortiums and individual companies that are serious about software quality discipline. While these various standards differ in many ways, most recommend the following general guidelines, which are supported by Klocwork:
- Ban explicit language features that can hide coding errors
- Eliminate multiple declarations in functions, classes, data types, macros, variables, etc.
- Only use pointer expressions after initialized
- Only include header files once
- Eliminate unused or unreachable code
- Place limits on the complexity of the software functions
Create Your Own Checkers
Need to implement standards unique to your project or business? Our product extensibility allows you to add checkers that meet your specific needs using one of two language frameworks:
- Klocwork Abstract Syntax Tree (KAST) checkers are used for finding syntax-related issues or any kind of style/coding guideline. KAST operates off the abstract syntax tree that is automatically generated in a hierarchical fashion to locate code constructs.
- Path checkers search for control-flow and data-flow issues, including issues spanning multiple functions or files (inter-procedurally), and allow you to track a value from a source (a starting point for analysis) to a sink (the end point where the defect is detected).
Development of most custom checkers can be done within the Klocwork Checker Studio, a graphical environment that allows developers to easily write new checkers that query their code's AST.
In this section
- Solutions
- Security Standards
- MISRA Standards
- DO-178B Certification
- FDA Software Validation
- Embedded
- Automotive
- Medical
- Android
- Miltary and Aerospace
- ROI Calculator
Relevant Resources
WHITEPAPER: Software on Wheels
Millions of lines of software code are driving the latest innovations in today's vehicles. However, with software-driven innovation comes the reality of coding defects, failures and the potential to become a target for hackers. This paper outlines three important steps that embedded automotive software teams[...]
WEBINAR: Three Strategies To Reduce Software Development Risk
Developing software for mission-critical applications such as military, aerospace, and medical devices requires aggressive strategies for reducing risk throughout the development lifecycle. This brief webinar looks at three crucial components of an effective risk management strategy [...]
WHITEPAPER: Threat Modeling for Secure Embedded Software
As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To achieve this and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes into their development[...]
WHITEPAPER: Streamlining D0-178B Efforts with Static Analysis
Given the complexity of today's airborne software systems, the use of automated tools can assist in the on-time and on-budget delivery of these projects. Automated source code analysis tools can help address key areas of the D0-178B guidance related to Software Verification and Software Lifecycle Data requirements. Learn how the defect and metrics analysis capabilities[...]