SOURCE: Klocwork, Inc.

May 07, 2007 11:16 ET

Klocwork Announces Expanded Security Vulnerability Detection

K7.7 Pass Rate Exceeds 90% Mark for SAMATE Security Flaws

BURLINGTON, MA -- (MARKET WIRE) -- May 7, 2007 -- Klocwork Inc., the proven leader of automated source code analysis software for improving software security and quality, today announced the release of Klocwork K7.7, building upon Klocwork's enterprise-grade static analysis product suite with some notable security enhancements. In comprehensive testing involving more than 1376 known security vulnerabilities provided by the Software Assurance Metrics and Tool Evaluation (SAMATE), sponsored by the National Institute of Science and Technology (NIST) and the United States Department of Homeland Security, Klocwork secured a pass rate in excess of 90%. As part of the company's comprehensive effort to show leadership in the capabilities of its security source code analysis technology, Klocwork successfully detected an extremely wide range of important C, C++ and Java security vulnerabilities, including buffer overflows, SQL injections, null pointer dereferences, cross-site scripting, memory management issues and many other types of vulnerabilities.

A critical element of the K7.7 release is the expanded IDE support for Visual Studio .Net 2005 and IntelliJ IDEA, which allows developers to analyze their code within their own development environment -- greatly reducing the cost of repairing flaws. K7.7 also introduces expanded stack traces for easier defect comprehension in Klocwork-supported IDEs, and the Klocwork Central web interface, which allows developers to quickly identify key security vulnerabilities.

K7.7 has added a number of notable upgrades including:

--  New checker capabilities. K7.7 has added the ability to tag certain
    Java methods as unsafe, has added new Java coding warning practices, and
    has improved the accuracy rate for existing C/C++ and Java checkers.
    
--  Enhanced reporting capabilities.  Klocwork remains the only static
    analysis solution provider to offer comprehensive analysis capabilities
    that provide quality and security metrics and trending reports, as well as
    architectural modeling tools.
    
"Up to now, the general consensus around software security and quality was that flaws were simply an inconvenience. Corporations, and by extension the general public, have begun to understand that software applications control critical applications in industries such as aerospace, finance, computer hardware, medical technology, safety critical embedded and transportation. If these applications were to be compromised, the results could be devastating," said Gwyn Fisher, CTO of Klocwork. "As a result, developers are getting serious about software security and need industrial-strength automated tools to identify these potential threats so they can be corrected at time zero -- the lowest cost-correction point in the software development process."

Klocwork K7.7 continues to automatically incorporate customer feedback and run test cases on SAMATE security vulnerabilities as part of their quality assurance process. This ongoing analysis serves as a complement to Klocwork's industry-leading defect and vulnerability identification, architectural analysis, and comprehensive software metrics and reporting tools. The enhanced capabilities of K7.7 will provide developers with the ability to detect potential problems early in the development lifecycle, therefore freeing up more time for creativity.

About Klocwork

Klocwork's automated source code analysis products detect and prevent security vulnerabilities and software defects. Our products provide entire development teams with tools to identify the root causes of software security and quality problems, track them throughout their software development process, ensure that they have been removed, and prevent them from reoccurring. Klocwork's award-winning technology has delivered significant ROI to more than 160 customers -- many of them Fortune 500 accounts, known for having the most demanding software development environments in the world. Klocwork is a privately held company with offices in Boston, San Jose, Chicago, Atlanta, Dallas, and Ottawa.

Klocwork and the Klocwork logo are registered trademarks of Klocwork, Incorporated in the United States and/or other countries. All other names are trademarks or registered trademarks of their respective companies.