K7.7 pass rate exceeds 90% mark for SAMATE security flaws
BURLINGTON, Mass. — May 7, 2007 — Klocwork Inc., the proven leader of automated source code analysis software for improving software security and quality, today announced the release of Klocwork K7.7, building upon Klocwork’s enterprise-grade static analysis product suite with some notable security enhancements. In comprehensive testing involving more than 1376 known security vulnerabilities provided by the Software Assurance Metrics and Tool Evaluation (SAMATE), sponsored by the National Institute of Science and Technology (NIST) and the United States Department of Homeland Security, Klocwork secured a pass rate in excess of 90%. As part of the company’s comprehensive effort to show leadership in the capabilities of its security source code analysis technology, Klocwork successfully detected an extremely wide range of important C, C++ and Java security vulnerabilities, including buffer overflows, SQL injections, null pointer dereferences, cross-site scripting, memory management issues and many other types of vulnerabilities.
A critical element of the K7.7 release is the expanded IDE support for Visual Studio .Net 2005 and IntelliJ IDEA, which allows developers to analyze their code within their own development environment – greatly reducing the cost of repairing flaws. K7.7 also introduces expanded stack traces for easier defect comprehension in Klocwork-supported IDEs, and the Klocwork Central web interface, which allows developers to quickly identify key security vulnerabilities.
K7.7 has added a number of notable upgrades including:
- New checker capabilities: K7.7 has added the ability to tag certain Java methods as unsafe, has added new Java coding warning practices, and has improved the accuracy rate for existing C/C++ and Java checkers.
- Enhanced reporting capabilities: Klocwork remains the only static analysis solution provider to offer comprehensive analysis capabilities that provide quality and security metrics and trending reports, as well as architectural modeling tools.
“Up to now, the general consensus around software security and quality was that flaws were simply an inconvenience. Corporations, and by extension the general public, have begun to understand that software applications control critical applications in industries such as aerospace, finance, computer hardware, medical technology, safety critical embedded and transportation. If these applications were to be compromised, the results could be devastating,” said Gwyn Fisher, CTO of Klocwork. “As a result, developers are getting serious about software security and need industrial-strength automated tools to identify these potential threats so they can be corrected at time zero – the lowest cost-correction point in the software development process.”
Klocwork K7.7 continues to automatically incorporate customer feedback and run test cases on SAMATE security vulnerabilities as part of its quality assurance process. This ongoing analysis serves as a complement to Klocwork’s industry-leading defect and vulnerability identification, architectural analysis, and comprehensive software metrics and reporting tools. The enhanced capabilities of K7.7 will provide developers with the ability to detect potential problems early in the development lifecycle, therefore freeing up more time for creativity.
Klocwork helps developers create more secure and reliable software. Our tools analyze source code on-the-fly, simplify peer code reviews, and extend the life of complex software. Over 1000 customers, including the biggest brands in the mobile device, consumer electronics, medical technologies, telecom, military and aerospace sectors, have made Klocwork part of their software development process. Thousands of software developers, architects, and development managers rely on our tools every day to improve their productivity while creating better software.