Klocwork helps developers create more secure and reliable software. Our tools analyze source code on-the-fly, simplify peer code reviews and extend the life of complex software. Over 1,100 customers in the mobile device, consumer electronics, medical technologies, telecom, automotive, gaming, military and aerospace sectors have made Klocwork part of their software development process.

Latest Content From Klocwork

Whitepaper: Challenging Some of the Myths About Static Code Analysis

by Klocwork, Jun 01, 2014

Why Static Code Analysis? Static code analysis, or SCA, can be described as the analysis of whole-program source code without the execution of that program. A number of interpretations and even misconceptions about this technology and how it impacts or benefits you, the developer, have emerged over time. You may have heard some of them yourself.

Thankfully, there is also a lot of information about the many benefits SCA provides, from faster project execution, to better source code at check-in, to less costly development cycles and shorter time-to-market. At Klocwork, that's certainly the page we're on. We make SCA tools that are extremely valuable to developers, helping you identify and fix source code security vulnerabilities, defects, standards violations or other issues early in the development process - in our case, on your desktop, while you're writing your code.

To help tell the right story, we put this paper together to dispel some of the 'myths' about SCA, myths that serve mostly to distort the true value static analysis can bring to you and your software development lifecycle (SDLC).

Whitepaper: Defend Against Injection-based Attacks

by Klocwork, Dec 22, 2013

Injection vulnerabilities allow a malicious attacker to insert specific commands into an application or code that will execute undesired behaviour on their behalf. These attacks usually exploit an application at the point where it requests user input for later processing. The most common types of injection vulnerabilities include SQL Injection, Command Injection, Cross Site Scripting, XPath and LDAP Injection.

This paper provides a detailed description of injection vulnerabilities, discusses how they present themselves to both end users and software developers, and explains mitigation strategies to help resolve the various types of injection attacks.

Webcast: Catch the Security Breach Before It’s Out of Reach

by Klocwork, Nov 19, 2013

Software security breaches can happen in many places, including at the source code level.  

Join us for this interactive, practical discussion to:

  • Understand how data breaches occur in web, desktop and mobile applications
  • Uncover techniques to recognize and assess potential problems in source code
  • Identify potential application security problems in your code
  • Use automated tools like static and dynamic analysis for weakness detection

Opportunities for vulnerable code breaches are often created innocently enough, sometimes because we don't know what to look for. Register for this webinar and end your code breaches today.

Webcast: Mitigating M2M Security Risks in Critical Embedded Systems

by Klocwork, Jun 20, 2013

Machine-to-Machine (M2M) communication offers enormous potential to expand the capabilities of devices, including remote wireless management and updates.
However, there are profound security implications as the software running therein must be completely fault-tolerant and hardened from attack.

Join this webinar to learn about:

  • Common attacks, threats and security considerations for embedded software
  • Using static analysis to find and fix security vulnerabilities  
  • Application whitelisting – preventing malware and unauthorized changes
  • Employing threat modeling as a defensive measure against security threats  

Whitepaper: Threat Modeling For Secure Embedded Software

by Klocwork, Apr 24, 2012

As embedded software becomes more mobile and connected, organizations must take additional steps to ensure their code is secure. To accomplish this goal and combat ever-changing security threats, software engineering teams need to incorporate threat modeling, combined with updated tools and processes, into their development plans.

This paper examines threat modeling and explains how it can be used in concert with secure development best practices, including defensive coding, automated source code analysis, peer code reviews, and penetration testing to both identify and mitigate embedded software threats.

Whitepaper: Developing Software in a Multicore and Multiprocessor World

by Klocwork, Nov 01, 2010

In the push to meet demands for functionality and speed, software teams are moving away from single processor architectures at a rapid rate. But the realities of developing software for these next-gen architectures are adding significant complexity when it comes to identifying errors in the software - specifically concurrency errors and endian incompatibilities.

Our latest technical white paper looks at the issues of developing for multicore and multiprocessor environments in detail, explains how Klocwork's tools can be used to address them, and walks through two examples of these issues in prominent open source projects.

Whitepaper: Challenges of Multi-core and Multi-processor Software Development

by Klocwork, Sep 14, 2010

In this exclusive research report from VDC, learn how the growth in multi-core and multi-processor architectures is introducing a new set of challenges for embedded software engineering teams, impacting project schedules, and causing cost overruns.

Demanding more sophisticated feature sets, advanced user interfaces, and perpetual connectivity, the next generation of embedded devices is driving the accelerated adoption of multi-core and multi-processor architectures. This exclusive report, using data from VDC Research's 2010 Embedded Engineering Survey, highlights the new realities of developing software for these advanced platforms, including:

  • Added software complexity and the need to resolve endian incompatibility and concurrency issues
  • Strains on software engineering manpower and programming talent gaps
  • Extended project schedules and cost overruns

Whitepaper: The Value and Importance of Code Reviews

by Klocwork, Apr 09, 2010

Did you know that most code reviews are conducted in an ad hoc fashion, don't always include the right people, and fail to take advantage of the latest tools and technology? That's according to new research that looks at the state of peer code review today.

The exclusive study commissioned by Klocwork and conducted by Forrester Consulting provides valuable data and insights that will help you benchmark and improve your peer code review practices, including:

  • Identifying the top challenges to conducting effective code reviews
  • Ranking respondent's feedback on code review benefits, frequency & technologies used
  • Providing recommendations on ways to modernize the code review process.

Apply these research findings to improve your code review practices today.