SDC Systems » Software Development Life Cycle Tools » Rogue Wave Software » Klocwork » Standards » Klocwork Quality Standard

Klocwork Quality Standard

The Klocwork Quality Standard provides an easy way to monitor, manage, and improve the reliability of your software projects. The Quality analysis report provides an at-a-glance health check for your software project. Review items such as the trends for the top 3 quality issues and areas of source code with the most quality concerns.

By applying the Klocwork Quality Standard checks to new or existing projects, software defects are classified into categories such as suspicious code practices, resource leaks, maintainability, performance, and more. The built-in quality report will show you the trends, new issues, and areas of code with the most issues in these categories. This allows developers and managers to focus their efforts on the categories which are most critical to improving the quality of their software projects.

The Klocwork Quality Standard report can also be enhanced by running Cyclometric Complexity reports to help the development team pin point high levels of inherent complexity and ultimately set about the task of reducing the level. Technical Debt

Klocwork allows you to monitor the complexity of software builds using industry known metrics. For example, you can start monitoring your McCabe’s Cyclometric complexity for every build. This measurement shows you how “off” you are from the standard. (McCabe’s complexity dictates anything over a value of 20 as very complex.) More importantly, teams should be monitoring the trend of that metric. Seeing a large spike with one version versus the previous might be evidence that complexity issues are impacting your process.

Tracking these metrics in order to identify opportunities to reduce complexity and make code more maintainable (regardless of who is working on it) should be considered. Not addressing code complexity will have a negative impact on the velocity of a software project — which can spell disaster in an Agile development environment.

Klocwork includes built-in checkers to support all of the leading Security standards CWE, CERT, DISA STIG, CWE/SANS Top 25, OWASP, MISRA. Klocwork also allows organisations to quickly introduce their own customised security checkers to meet the ever-changing threat landscape

SDC can customise and develop specific additional checkers to tailor the Quality report to meet your exact requirements and add additional analysis for Code Coverage and Open Source Software Analysis.

Trapping Security Vulnerabilities

Defensive coding through automation with a threat model in hand, developers can begin to drill-down and identify the specific security vulnerabilities that could expose their embedded software to risk. Programmers, however, aren’t security experts and can miss common security gaps, logic errors, and concurrency violations that expose code to external threats.

Automated static code analysis (SCA) tools can assist embedded software developers by helping to eliminate security vulnerabilities early in the development cycle. While automotive software development teams are familiar with traditional SCA tools, they’re limited to finding programmatic bugs only. Modern tools can detect security vulnerabilities and defects as the developer is writing code. This helps developers build security into their code and reduce risk as early as possible, without burdening the project with a lengthy defect-testing phase.

Static analysis tools can identify hundreds — if not thousands — of security vulnerabilities, including critical vulnerabilities such as buffer overflows, uninitialized data, use of dangling pointers, injection flaws, and the use of known insecure APIs and libraries.

About Rogue Wave Software

Rogue Wave Software are the largest independent provider of cross-platform software development tools and embedded components in the world. Through decades of solving the most complex problems across financial services, telecommunications, healthcare, government, academia, and other industries, Rogue Wave tools, libraries, and services enable developers to write better code, faster. More details…

Find out more…

For more information on Klocwork static analysis tools, the Klocwork Quality Standard or to arrange a 7-day free trial, please complete the form below.