Software security assurance solution combines CWE Certification with leading source code analysis capabilities
Burlington, Mass — Mar 26, 2012 — Klocwork Inc, the global leader in automated source code analysis (SCA) solutions for developing more secure and reliable software, today announced that Klocwork Insight™ has achieved an official Certificate of Common Weakness Enumeration (CWE™) Compatibility for attaining the highest level of CWE support that is currently offered by The MITRE Corporation’s formal CWE Compatibility and Effectiveness Program. Klocwork is among a select group of organizations to achieve this software security certification.
As a software assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security, the CWE is helping to define and categorize the most common weaknesses affecting software security, including buffer overflows, format string vulnerabilities and un-validated user inputs. Through its Compatibility and Effectiveness Program, the not-for-profit organization provides a formal review, evaluation and certification process for companies wishing to comply with CWE standards.
"To us, the CWE initiative represents an important collaboration between industry, government and academia to make secure coding principles easily accessible to the software development community," said Alen Zukich, director of product management, Klocwork. "As an organization committed to providing comprehensive software security capabilities, pursuing and achieving CWE compliance is part of Klocwork’s ongoing efforts to ensure we offer our customers the most sophisticated security analysis possible."
As a CWE Compatible product, Klocwork Insight’s analysis results, documentation and reporting capabilities align with CWE identifiers, allowing customers to implement a software security assurance program that aligns with CWE.
"By adopting CWE identifiers into their product, Klocwork has demonstrated a commitment to providing a source code analysis solution that leverages the best information and mitigation strategies available," said Gary Gagnon, vice president and chief security officer, MITRE.
Learn more about Klocwork Insight and its security vulnerability detection and reporting capabilities by visiting http://www.klocwork.com/solutions/security-coding-standards/.
About The MITRE Corporation
The MITRE Corporation is a not-for-profit organization that provides systems engineering, research and development, and information technology support to the government. It operates federally funded research and development centers for the Department of Defense, the Federal Aviation Administration, the Internal Revenue Service and Department of Veterans Affairs, the Department of Homeland Security, and the Administrative Office of the U.S. Courts, with principal locations in Bedford, Mass., and McLean, Va. To learn more, visit www.mitre.org.
Klocwork helps developers create more secure and reliable software. Our tools analyze source code on-the-fly, simplify peer code reviews, and extend the life of complex software. Over 1000 customers, including the biggest brands in the mobile device, consumer electronics, medical technologies, telecom, military and aerospace sectors, have made Klocwork part of their software development process. Thousands of software developers, architects, and development managers rely on our tools everyday to improve their productivity while creating better software.