Archive for 2011

  • IDE vs text editor

    on May 10, 11 • by Alen Zukich • with 8 Comments


    I’m sure this topic has been discussed a million times, but hey, here we go again.  A recent question came up on whether people liked their experience of Eclipse vs. Visual Studio.  Of course this brought up the advantages of one versus the other.  But is that really a fair comparison? It really depends.  What type of application are you building — a native Windows application?  Surely going with Visual Studio makes sense. But if the goal is cross-platform, then you might look at Eclipse. Glad to see people are thinking about IDEs, but what

  • Stack smashing

    on May 3, 11 • by Alen Zukich • with No Comments


    A while ago I talked about memory overflows. Now in this latest installment, as we look at more interesting bugs, I’ve come across a new example. Here is a situation described by a customer as “stack smashing”, which occurs when you copy a string of unknown length into a buffer of fixed size. Just like the memory overflow post, this is another form of buffer overflow. So there you have it, just more terminology to describe bad things in your code. Gwyn promises to give a follow up to these posts with some details on

  • Toughen up your code with software security best practices

    on Apr 28, 11 • by Patti Murphy • with No Comments


    Crying into your wadded Kleenex about how your vulnerabilities were exploited may make for compelling TV, but when it comes to software security, they’ll cost you a lot more than your personal dignity. Or maybe they’ll cost you millions of dollars in lost business and your personal dignity. Why not toughen up your code by implementing software security best practices that prevent or mitigate the risks? That’s why you should head on over to the Klocwork Developer Network and check out the free eLearning courses provided by Security Innovation, an industry leader in software security

  • Will source code analysis change developer culture?

    on Apr 26, 11 • by Alen Zukich • with No Comments


    Will source code analysis (SCA) or static analysis change developer culture? The answer really depends on the developer’s skill set. In my experience, there are developers who are excellent at what they do (visionaries), and then there are some that just don’t get it (fence posts). I’m not here to talk about the visionaries — they already get it. They know that SCA techniques help find critical issues early in the development cycle. Sometimes SCA finds great stuff, sometimes it doesn’t. But it’s always worth the time, because it makes developers better at what they do. In fact, it’s

  • Building a Software Security Threat Model

    on Apr 20, 11 • by Brendan Harrison • with 5 Comments


    We’ve talked at length before regarding software security assurance and the role static analysis can play in ensuring code is written securely. We’ve got a bunch of great resources for anyone looking to dive into this particular aspect of software security: a summary of various secure coding standards, including links to specific checkers supported by Klocwork; free secure coding e-learning courses, including an intro to Microsoft’s secure development lifecycle; and a ‘buyer’s guide’ to selecting a static analysis tool as part of a secure coding program, authored by a major payment software company. To build on this,

  • Memory overflows

    on Apr 12, 11 • by Alen Zukich • with 1 Comment


    A few years back a customer said they had all kinds of trouble with bugs corrupting their stack. Even though they asked if source code analysis tools could help find stack corruption, once we got an example we found that what they were really looking for was memory overflows. So what on earth is a memory overflow? Does that even exist? Yes, except it is probably not what you’re thinking: it’s not the same as a memory leak; a memory overflow is quite different. A memory overflow is really just a form of buffer overflow.

  • A Rockin’ Agile Roadshow

    on Apr 7, 11 • by Todd Landry • with No Comments


    Last week I toured the West coast with our friends from VersionOne, Perforce, and Electric Cloud on our Agile roadshow hitting the cities of Seattle, Santa Clara, and San Diego. In one of the after meeting discussions, one of the attendees asked me what the differences were between Agile and Lean. Having only been involved with Lean from an outside perspective, I didn’t really think there were huge differences and that they shared many of the same beliefs. Luckily, it looks like others believe this to be the case too. So rather than me trying

  • Klocwork Starts 2011 With Record Q1

    on Apr 7, 11 • by Meranda Powers • with No Comments

    Quarter highlighted by 57 percent growth in license bookings and significant customer wins. BURLINGTON, Mass — Apr 07, 2011 — Klocwork, Inc., the global leader in automated source code analysis solutions for improving developer productivity, announced the close of a successful Q1 2011 that included record revenue driven by a 57 percent growth in license bookings as compared to Q1 2010. "On the heels of a very successful 2010, I’m happy to report another great quarter," said Mike Laginski, chief executive officer, Klocwork. "The combination of record Q1 revenue, a surge in license sales, and

  • Klocwork Developer Network Set to Go Live

    on Mar 22, 11 • by Alan Weekes • with No Comments

    Our dilemma: How do we remove the barriers to knowledge about Klocwork's toolset, and developer best practices for creating high-quality code? The answer: Klocwork Developer Network, a new online portal designed for learning, sharing and discussing all things source code analysis.

  • Static analysis cures all ills?

    on Mar 17, 11 • by Alen Zukich • with No Comments

    There was a recent article from Mark Pitchford titled “Think static analysis cures all ills? Think again.” Obviously, being biased working here at Klocwork, I take major exception to what Mark has to say. This article makes ridiculous claims. About the only thing Mark got right was that static analysis has been around for a long time. However, it’s ludicrous to think that the tools are the same as they were in the past. That’s like saying computers from decades ago are the same as today. The advancement has been huge for static analysis tools, especially in the last couple
