
Solutions - Security Coding Standards

The risk of regulatory infringement, brand damage and loss of market share arising from exploited security vulnerabilities in sensitive systems can be extremely costly. Klocwork static analysis automates the detection of hundreds of different potential security vulnerabilities in software code while giving development teams a consistent, tool-based approach to identifying and remediating these issues.

As part of its commitment to providing comprehensive security vulnerability analysis, Klocwork actively supports the following initiatives to ensure that its own vulnerability research is aligned with industry and government best practices.

Common Weakness Enumeration (CWE)

A MITRE initiative, CWE provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems.

Klocwork has declared Phase II compliance with CWE, summarized in the table below.

Requirement      CWE Declaration   Description
CWE Output       Yes               All Klocwork analysis results can be reported using CWE identifiers
CWE Searchable   Yes               Klocwork product documentation provides searchable CWE identifiers
CWE Coverage     Yes               Klocwork's CWE coverage is available within Klocwork's product documentation

CERT Secure Coding Standards

In association with the Software Engineering Institute (SEI) at Carnegie Mellon University, the CERT Secure Coding Initiative works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors before they are deployed. CERT identifies common programming errors that lead to software vulnerabilities, publishes secure coding standards, and educates software developers with the goal of advancing the state of the practice in secure coding. Klocwork analysis results and documentation include the corresponding CERT standard violation. The published list of Klocwork issue checkers and their corresponding CERT standard can be found at the CERT website or Klocwork online documentation.

SAMATE

SAMATE (Software Assurance Metrics And Tool Evaluation) is sponsored by the U.S. Department of Homeland Security (DHS) National Cyber Security Division and NIST. The objective of part 3, Technology (Tools and Requirements), is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness