Klockwork Delivers Source Code Analysis Solution with New K7.1

CGIDir
Thursday, June 29, 2006; 08:51 AM

Klocwork Inc., developer of automated software for improving software security and quality, shipped the latest release of its static analysis product suite, Klocwork K7.1. Klocwork K7.1 extends Klocwork's leadership in automated defect and vulnerability detection through the addition of dozens of new checkers for C, C++ and Java source code analysis, in addition to enhanced capabilities that make it easier for K7.1 to be integrated into complex development environments.

Additionally, as part of Klocwork's ongoing analysis of open source software, the company also announced the results of its analysis of the Amanda, Samba, and XMMS open source projects using K7.1. Klocwork analyzed the versions of each open source programs that were previously deemed defect-free by another source code analysis vendor, and identified hundreds of defects and vulnerabilities across the three projects. Klocwork has provided detailed information on these critical defects to the maintainers of Amanda, Samba and XMMS in a community-based effort to help improve the quality of the software while eliminating security vulnerabilities that hackers and criminals can exploit.

"The Klocwork code analysis tool found many genuine bugs we had missed from prior static analysis. Its ongoing use will greatly improve and maintain the quality of future Samba releases," said Jeremy Allison, co-author of Samba. "Many thanks to Klocwork for its support of the Samba project."

Klocwork's award-winning static analysis suite enables cross-functional development teams to quickly identify software defects and vulnerabilities. With K7.1, users can find defects quickly with greater thoroughness and accuracy. The new version easily integrates with complex build systems and will automatically recognize any changes to a customer's build, ensuring the Klocwork integration is maintained. Klocwork has expanded the breadth of security vulnerability analysis by adding 44 new vulnerability checkers across Java, C, and C++. Klocwork K7.1 also features ARM Compiler and Java 1.5 support.

"Klocwork's static analysis tools have been used by major enterprises to manage their software development - which typically entails millions of lines of code - globally," said Ian Gordon, vice president of product management at Klocwork. "Our customers are the leaders and innovators in their markets, and they understand the importance of finding and eliminating coding errors and security vulnerabilities early on in the development process. With K7.1's improved integration and extended support for Java and C++ development, our customers are going to see more accuracy results to help reduce the amount of time spent fixing coding errors and increase the amount of time spent developing innovative new features."

Announced in February 2005, Klocwork's open source program is designed to enable open source organizations to leverage Klocwork's award-winning static analysis tool to remove critical defects and security vulnerabilities from software source code. The program - available at no cost to qualified open source organizations - involves analyzing source code, reporting the defects to the development team, and then re-analyzing the code to ensure that the defects have been fixed. Klocwork has already analyzed open source projects including Apache, Firefox, Berkeley DB, MySQL and PostgreSQL, working to make the software more secure and reduce critical defects.