
Klocwork Code Improvement Program Makes Open Source Software More Secure and Reduces Critical Defects.


BURLINGTON, Mass. -- Klocwork Analyzes Several Popular Open Source Programs Including Apache, Firefox, Berkeley DB, MySQL and PostgreSQL

Klocwork Inc., the leading provider of automated solutions that improve software quality and security, announced a new program that enables open source organizations to leverage Klocwork's static analysis tools to remove critical defects and security vulnerabilities from software source code. The program - available at no cost to qualified open source organizations - involves analyzing source code, reporting the defects to the development team, and then re-analyzing the code to ensure that the defects have been fixed.

As part of the program, Klocwork to date has analyzed open source software from the Apache Foundation (Apache Web Server 2.0.50), the Mozilla Foundation (Firefox 1.0), MySQL AB (MySQL 4.1.9), PostgreSQL (PostgreSQL 8.0.0 beta 5), the Free Software Foundation (CVS 1.11.19), and Sleepycat Software (Berkeley DB 4.3.23, Berkeley DB XML 2.0.4, Berkeley DB Java Edition 1.7).

Sleepycat Software, makers of the widely used Berkeley DB developer database, is one of the first open source companies to participate in this program. Klocwork's static analysis testing tools analyzed approximately 160,000 lines of code and identified nine critical coding defects in Berkeley DB. Klocwork presented the code analysis to Sleepycat, worked with its developers to correct the defects, and then verified the identified defects were fixed, and that no new critical defects were introduced in the process.

"In addition to being used by many leading commercial customers, Berkeley DB is also used by many open source projects, including Linux, BSD UNIX, Apache, OpenLDAP, Kerberos, Mozilla, and OpenOffice," said Dave Segleau, vice president of engineering at Sleepycat Software. "As a result, it is absolutely critical that we deliver software of the highest quality. Our software development practices include numerous layers of testing, and Klocwork's tools are an important addition to this. Because of the multi-dimensional analysis provided by Klocwork, we're able to find and fix defects and security vulnerabilities before submitting code to our formal testing and verification team. Klocwork's static analysis tools have become an integral part of our software testing process."

For organizations that develop software for internal use or to sell, the presence of defects or security vulnerabilities makes software an operational risk. Klocwork's static analysis tools help transform software from a potential operational risk to a business asset. Klocwork's products already have delivered proven value to customers, such as Raytheon, Motorola, Cisco, Avaya, Alcatel, and Hewlett-Packard. Benefits include reducing development time, saving development money, and improving software performance, reliability, and security.

"We recognize that smart development organizations, whether they be open source communities or for-profit companies, utilize numerous testing approaches and methodologies," said Djenana Campara, Klocwork CTO. "All defects are not created equal, and the unique value that Klocwork brings to the open source community through this program is the ability to do multi-dimensional analysis of open source code. It is one thing to measure defect density - or number of defects per 1,000 lines of code. What makes a real impact, however, is an understanding of flaws in the overall architecture and system within source code in order to address deep-rooted quality problems and improve coding processes so new defects are not introduced during later development. This is Klocwork's strength and we are pleased to bring this to the open source community."

"Best practices show that in organizations where upper management has embraced quality as a strategic initiative, and have passed that down as a piece of core competency and core value throughout the organization, there is far greater success in satisfying the customer with high quality software," said Theresa Lanowitz, a research director with Gartner. "Developers need to have an arsenal of tools for themselves that empower them to create a higher quality piece of code, and this arsenal needs to include static analysis tools. Only static analysis can identify software issues such as security vulnerabilities, buffer overflows and memory leaks, all of which equates to business risk."

"Two of the most important trends in IT are open source and improving software quality," said Tom Rhinelander, analyst with New Rowley Group. "With businesses, governments, and other organizations throughout the world increasing their investment and reliance on open source solutions, Klocwork's program dramatically helps deliver better software. I expect many open source organizations to take advantage of this no-cost but high reward opportunity."

In addition to Sleepycat Software, Klocwork submitted a prioritized set of critical security vulnerabilities and software defects to other open source projects that are in various stages of analyzing, fixing or verifying their product releases. For more information on the initiative, please send a request to info@klocwork.com.

About Klocwork

Klocwork is the leading provider of automated static analysis solutions for understanding and perfecting software. Klocwork's static analysis products detect and prevent security vulnerabilities and software defects, and provide architectural visualization and modeling tools to provide dramatic improvements to company's source code. The firm's patented core technology was developed and used for five years within Nortel Networks and has been deployed at several Fortune 500 accounts, known for having the most demanding software development environments in the world. Klocwork is a privately held company with offices in Burlington, Mass., San Jose, Calif., Chicago and Ottawa.

Klocwork and the Klocwork logo are registered trademarks of Klocwork, Incorporated in the United States and/or other countries. All other names are trademarks or registered trademarks of their respective companies.
COPYRIGHT 2005 Business Wire
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Publication:Business Wire
Date:Feb 17, 2005
Words:908