Klocwork vs NowSecure comparison

"Technical support is quite good."

"There's a feature in Klocwork called 'on-the-fly analysis', which helps developers to find and fix the defects at the time of development itself."

"Klocwork has caught up to Fortify and surpassed them; they have a higher detection and false positive rate than Fortify does."

"We consider it a stable product."

"The tool helps the team to think beforehand about corner cases or potential bugs that might arise in real-time."

"Overall I find Klocwork's features superior for our needs."

"On-the-fly analysis and incremental analysis are the best parts of Klocwork, and currently we are using both of these features very effectively."

"The reporting helps us understand the trend of our results and whether we improve over time. We can see the history within Klocwork's server architecture and know that we're making things better. It creates a great story for our management. We can demonstrate value and how our software is developing over time."

"The most valuable feature is the ability to download an application without actually putting in the APK, as it gives us an option to put the APK in if we want to, but we can also download it from the App Store and Play Store."

"The most valuable feature is the ability to download an application without actually putting in the APK. It gives us an option to put the APK in if we want to but we can download it from the App Store and Play Store."

"There are some false warnings found which eventually are not considered for a fix after the team reviewed the source code."

"The way to define the rules is too complex. The definition/rules for static analysis could be automated according to various SILs, so as to avoid confusion."

"The way to define the rules is too complex."

"There are many things that can be improved. The code used between projects is one of the very painful points in Klocwork."

"For an improved product, we'd like to see integration with Agile DevOps and Agile methodologies."

"Global variables sometimes generate false positives. Variables with global scopes sometimes produce false positives, which is annoying and time consuming because I get violations from Klocwork which after personal analysis turn out to be not true."

"Under NIST cybersecurity standards, we must address vulnerabilities within a specified time after discovering them. When we try to propagate those updates and fixes through the system, it would be nice if the clients could reconnect to the existing server or have the server dynamically updated in some way. I know that isn't easy, but maybe processes could be enhanced to make that more streamlined from a DevOps perspective."

"I believe it should support more languages, such as Python and JavaScript."

"There needs some improvement in testing with dynamic analysis because I have found it is not accurate."

"In this solution, there are two kinds of testing, static analysis, and dynamic analysis. There needs some improvement in testing with dynamic analysis because I have found it is not accurate"

"Klocwork is still tight on their licensing. If Klocwork would loosen up on the licensing, and where the license could be used, and how many different programs could be run on it, then we have several development programs that I would love to be able to use it for going forward."

"The pricing for Klocwork is very competitive if you compare it from apple to apple. It has competitive pricing regarding the licensing model and the per-license cost. Klocwork isn't a high-end investment for anyone deploying it; even SMBs can afford it. The Klocwork cost per user would depend on the license type, so I'm unable to mention a ballpark figure because it would depend on the type of installation and how the deployment will be, and the nodes to give an accurate calculation or figure. The total price depends on the package, so my company could never publish pricing for Klocwork on the website. My team first collects information from potential clients on the deployment scenario, project environment, etc., before suggesting a package for Klocwork. My rating for Klocwork in terms of pricing is a five because of its flexible license models. There's a license model for every type of organization, whether small, midsize, or enterprise, so it's a five out of five for me."

"The limitation that we have is that Klocwork is licensed to certain programs, and if you want to license them to other programs, you have to pay more money."

"Licensing fees are paid annually, but they also have a perpetual license."

"Klocwork should not to be quite so heavy handed on the licensing for very specific programs."

"When it comes to licensing, the solution has two packages, one for a fixed and the other for a floating server, with the former being more cost effective than the latter."

"There are other solutions on the market such as Microsoft Visual Studio. They have been adding more static code analysis features that come for free. It is getting better all the time. That is one of the possibilities is that we've been considering that we may stop using the Klocwork because it doesn't give us any added value."

"This solution offers competitive pricing."