Latest version used to identify new critical defects found in open source projects including Amanda, Samba and XMMS
BURLINGTON, Mass. — Jun 26, 2006 — Klocwork Inc., the proven leader of automated software for improving software security and quality, today shipped the latest release of its static analysis product suite, Klocwork K7.1. Klocwork K7.1 extends Klocwork’s leadership in automated defect and vulnerability detection through the addition of dozens of new checkers for C, C++ and Java source code analysis, in addition to enhanced capabilities that make it easier for K7.1 to be integrated into complex development environments.
Additionally, as part of Klocwork’s ongoing analysis of open source software, the company also announced the results of its analysis of the Amanda, Samba, and XMMS open source projects using K7.1. Klocwork analyzed the versions of each open source program that were previously deemed defect-free by another source code analysis vendor and identified hundreds of defects and vulnerabilities across the three projects. Klocwork has provided detailed information on these critical defects to the maintainers of Amanda, Samba and XMMS in a community-based effort to help improve the quality of the software while eliminating security vulnerabilities that hackers and criminals can exploit.
“The Klocwork code analysis tool found many genuine bugs we had missed from prior static analysis. Its ongoing use will greatly improve and maintain the quality of future Samba releases,” said Jeremy Allison, co-author of Samba. “Many thanks to Klocwork for its support of the Samba project.”
Klocwork’s award-winning static analysis suite enables cross-functional development teams to quickly identify software defects and vulnerabilities. With K7.1, users can find defects quickly with greater thoroughness and accuracy. The new version easily integrates with complex build systems and will automatically recognize any changes to a customer’s build, ensuring the Klocwork integration is maintained. Klocwork has expanded the breadth of security vulnerability analysis by adding 44 new vulnerability checkers across Java, C, and C++. Klocwork K7.1 also features ARM Compiler and Java 1.5 support.
“Klocwork’s static analysis tools have been used by major enterprises to manage their software development – which typically entails millions of lines of code – globally,” said Ian Gordon, vice president of product management at Klocwork. “Our customers are the leaders and innovators in their markets, and they understand the importance of finding and eliminating coding errors and security vulnerabilities early on in the development process. With K7.1′s improved integration and extended support for Java and C++ development, our customers are going to see more accurate results to help reduce the amount of time spent fixing coding errors and increase the amount of time spent developing innovative new features.”
Announced in February 2005, Klocwork’s open source program is designed to enable open source organizations to leverage Klocwork’s award-winning static analysis tool to remove critical defects and security vulnerabilities from software source code. The program, which is available at no cost to qualified open source organizations, involves analyzing source code, reporting the defects to the development team, and then re-analyzing the code to ensure that the defects have been fixed. Klocwork has already analyzed open source projects including Apache, Firefox, Berkeley DB, MySQL and PostgreSQL, working to make the software more secure and reduce critical defects.
To have your open source project analyzed, contact firstname.lastname@example.org.
Klocwork helps developers create more secure and reliable software. Our tools analyze source code on-the-fly, simplify peer code reviews, and extend the life of complex software. Over 1000 customers, including the biggest brands in the mobile device, consumer electronics, medical technologies, telecom, military and aerospace sectors, have made Klocwork part of their software development process. Thousands of software developers, architects, and development managers rely on our tools everyday to improve their productivity while creating better software.