Solutions - Security Coding Standards
The risk of regulatory infringement, brand damage and loss of market share arising from exploited security vulnerabilities in sensitive systems can be extremely costly. Klocwork static analysis automates the detection of hundreds of different potential security vulnerabilities in software code while giving development teams a consistent, tool-based approach to identifying and remediating these issues.
As part of its commitment to providing comprehensive security vulnerability analysis, Klocwork actively supports the following initiatives to ensure that its own vulnerability research is aligned with industry and government best practices.
Common Weakness Enumeration (CWE)
A MITRE initiative, CWE™ provides a unified, measurable set of software weaknesses that is enabling more effective discussion, description, selection, and use of software security tools and services that can find these weaknesses in source code and operational systems.
Klocwork has declared Phase II compliance with CWE, summarized in the table below.
| Requirement | CWE Declaration | Description |
|---|---|---|
| CWE Output | Yes | All Klocwork analysis results can be reported using CWE identifiers. |
| CWE Searchable | Yes | Klocwork product documentation provides searchable CWE identifiers. |
| CWE Coverage | Yes | Klocwork's CWE coverage is available within Klocwork's product documentation. |
CERT Secure Coding Standards
In association with the Software Engineering Institute (SEI) at Carnegie Mellon University, the CERT Secure Coding Initiative works with software developers and software development organizations to reduce vulnerabilities resulting from coding errors before they are deployed. CERT identifies common programming errors that lead to software vulnerabilities, publishes secure coding standards, and educates software developers with the goal of advancing the state of the practice in secure coding. Klocwork analysis results and documentation include the corresponding CERT standard violation. The published list of Klocwork issue checkers and their corresponding CERT standard can be found at the CERT website or Klocwork online documentation.
SAMATE
SAMATE (Software Assurance Metrics And Tool Evaluation) is sponsored by the U.S. Department of Homeland Security (DHS) National Cybersecurity Division and NIST. The objective of part 3, Technology (Tools and Requirements), is the identification, enhancement and development of software assurance tools. NIST is leading in (A) testing software evaluation tools, (B) measuring the effectiveness
Learn More
- Watch the online presentation to see how Klocwork's solution fits into your development environment.
- Browse our vulnerability page or read our When, Why and How to Leverage Source Code Analysis Tools whitepaper to learn more about the types of issues that can be detected by Klocwork, including a description of their impact along with code examples.
- Check out our online product documentation to see the comprehensive list of issues that Klocwork can detect.
- See a technical demo of a 0day exploit that shows how a vulnerability found by Klocwork can be exploited.