11/18/2009
09:15 AM
Dark Reading
Products and Releases

Klocwork Rolls Out New Source Code Analysis Tools For Agile

Klocwork Insight Pro offers personal productivity tools for the Agile software developer

BURLINGTON, Mass. - November 16, 2009 - Klocwork, Inc., the global leader in automated source code analysis solutions for improving developer productivity, today announced Klocwork Insight Pro, a new suite of developer tools aimed at maintaining high velocity throughout the software development process.

"Software development teams in all industries are embracing Agile as a way to boost their team's productivity and be more responsive to their customer's needs," says Mike Laginski, Klocwork CEO.

"Regardless of how far along the Agile curve a team might be, developers are expected to deliver more software in shorter iterations, creating a need for new tools that help meet these productivity goals."

Built upon Klocwork's proven source code analysis technology, Klocwork Insight Pro introduces three new tools designed to allow development organizations to achieve greater iteration velocity while reducing the risk of bug debt.

Continuous static analysis

Klocwork Insight Pro provides powerful, continuous static analysis that detects critical defects and security vulnerabilities at the developer desktop, as code is being written. This on-the-fly analysis provides developers with immediate visibility into errors being made, or vulnerabilities being left open. With a no-click usability model, attention to code quality and security becomes a natural part of every developer's editing process, ensuring the best code possible at the earliest stage in the development process.

Collaborative peer code reviews

Klocwork Insight Pro changes the model of traditional, in-person or scheduled code reviews with a collaborative, peer-based tool that facilitates simple pre- and post-check-in reviews. Integrated with popular configuration management environments and Klocwork's static analysis engine, code reviews are conducted asynchronously over the web with Klocwork Insight Pro. Through a customizable RSS feed, developers are notified of code that is ready for review and are able to quickly and easily identify code changes, take part in threaded discussions around those changes, assign actions, and review potential defects. This flexible approach to a traditionally heavyweight and unpopular practice ensures bottom-up adoption of this vital software verification process.

Automated code refactoring

Considered a development best practice and embraced by advocates of all modern development methods, code refactoring is an integral part of the software development process. With Klocwork Insight Pro, the complex task of refactoring is simplified. Using automated tools, developers can modify their code towards overall patterns to achieve clean, easy to understand, and more maintainable code designs without changing the code's function in any way.

"Agile practices are driven by the concept of keeping software quality high and having production-ready code at the end of every iteration," said Thomas Murphy, Gartner research director. "To achieve this goal, software developers need appropriate tools and process support. Integrated tools that provide developers with static analysis, refactoring, and collaborative code reviews can help make the potential benefits of Agile a reality."

Klocwork Insight Pro will be generally available December 2009.

About Klocwork

Klocwork's source code analysis solutions boost the productivity of software development teams while helping to ensure code security, quality and stability of complex code bases. Through proven static analysis techniques, Klocwork removes bottlenecks at the earliest stages of the software development process and enables software developers to find critical security vulnerabilities, quality defects and architectural issues quickly and accurately. More than 600 organizations have achieved higher code security and quality with Klocwork.

Contact Klocwork for more information at www.klocwork.com or [email protected]

Klocwork and the Klocwork logo are registered trademarks of Klocwork, Incorporated in the United States and/or other countries. All other names are trademarks or registered trademarks of their respective companies.
