The art of outsourcing your software development

Take a look at this practical guide to avoid headaches when outsourcing your software development. Don’t get lost and don’t be fooled! This paper presents and assesses the different techniques for the software evaluation that a “receptor” (recipient organization) of externally developed software can apply to determine the intrinsic aspects  (performance, security, efficiency, etc)  of the delivered software. Let’s take a look at paper’s… Read more →


OWASP Top 10: how to discover vulnerabilities in your CSharp applications

In this article, you will learn which are the top 10 security issues in web applications (called OWASP TOP 10). For each vulnerability you will get how to know if your code is protected against it and how to analyze it automatically. This post is the second part of another post about discovering vulnerabilities in a Java application. How can I… Read more →

Capers Jones new paper: Twenty Five Software Industry Goals for the Years 2015 through 2019

Capers Jones, well-known author and international public speaker, makes pubic his Twenty Five Software Industry Goals for the Years 2015 through 2019. Download the White Paper now He writes in the introduction that “progress in the software industry has resembled a drunkard’s walk, with both improvement and regressions occurring at the same time. For example agile is an improvement for small projects,… Read more →

Rules development

Rules development (IV): Basic API – navigating through the AST

Let’s continue with our series of posts on rules development for KIUWAN. In a previous post, we explained that the implementation of our rules consisted of a java class that meet certain characteristics, including a visit method where the rule main functionality is made, that is visiting the nodes of the AST object (Abstract Syntax Tree) to retrieve information confirming the existence of a violation… Read more →

Análisis local

Running local analysis: Kiuwan Local Analyzer

Kiuwan’s great advantage is its possibility to analyze your code in your own infrastructure without having to upload your code to the cloud. For this, we can download Kiuwan Local Analyzer, which will allow you to run a local analyses (or as many as you want) from any machine and view the results on KIUWAN with all the functionality it provides.… Read more →

How to configure Kiuwan authentication with your own LDAP service

Kiuwan already allows to configure the authentication of your account users with your own LDAP service. Most of our users use Microsoft Active Directory as a repository for user credentials, but system I am going to tell you here serves to integrate KIUWAN with any other users repository, even if it is not based on LDAP. If your company has a corporate… Read more →

Serena xChange 15

Kiuwan at Serena xChange 15 user conference

We have been on the road again with Kiuwan. This time around we have sponsored the Serena xChange 15 User Conference in Washington DC. Our little jellyfish made quite an impact in the conference. KIUWAN was featured in the general session Mother of All Demos where all Serena product groups run an extraordinary demo covering the complete life cycle of change… Read more →

Analyzing C

Analyzing C and C++ with Kiuwan

C and C++ static analysis is a bit different from other programming languages, so analyzing C may have its quirks. It certainly has. In these languages, we have the preprocessor to complicate things a little.   Resolving header files and macros, used in preprocessing phase, is essential for a complete and correct C and C++ static code analysis. In this… Read more →

Desarrollo de reglas

Rules development (III): debugging custom rules

In previous posts in this series, we introduced the process of creating, executing and implementing custom rules in KIUWAN. Within Rules development series, this post will specifically focus on how a custom rule can be remotely debugged from our favorite IDE. One of the many powerful features in Kiuwan is its ability to execute custom rules. If your Kiuwan account… Read more →


7 reasons why all programmers should use static analysis tools

We have already talked about static analysis thousands of times. In fact, we have already written about that. And written. And written, over and over again. The value of static analysis and Static analysis in the cloud, anyone? are just two examples of that. Although it has always been inferred in previous posts, we have never addressed the issue of the importance… Read more →