Qualimétrie et Securité logiciel et IT gouvernance 05/10/17 - Sophia Antipolis

1. P R O D U C T & C O M P A N Y O V E R V I E W
PRODUCT
& COMPANY
OVERVIEW

2. P R O D U C T & C O M P A N Y O V E R V I E W

3. P R O D U C T & C O M P A N Y O V E R V I E W
Enterprise Software
Analytics Solutions
Enterprise Software
Analytics Cloud Platform
Born in
2008
US Headquarters
ORLANDO, FLORIDA
EU Headquarters
MADRID, SPAIN

4. P R O D U C T & C O M P A N Y O V E R V I E W
Madrid
Florida
Santiago de Chile
Paris
Milan
Headquarters
Offices

5. P R O D U C T & C O M P A N Y O V E R V I E W

6. P R O D U C T & C O M P A N Y O V E R V I E W
… AND MANY MORE

7. P R O D U C T & C O M P A N Y O V E R V I E W
Customers in
COUNTRIES
25
4000+
USERS

8. P R O D U C T & C O M P A N Y O V E R V I E W

9. P R O D U C T & C O M P A N Y O V E R V I E W

10. P R O D U C T & C O M P A N Y O V E R V I E W
• Time to Market
• Cost of new functionalities
• Do more with less
• Decision times
• Maintenance costs
• Technical debt
• Software defects
• End customer experience
• Added value from apps
• Effectiveness in business and apps
• Agility in bringing new products
• Apps’ efficiency
• Productivity developments
• Software quality
• Application performance
• Security applications
• Software architecture portfolio
• Service loss risks
• Security problems
• SLA launch delivery
breaches
• Normative breaches
• Defective deliverables
• Development risk
• Development extra efforts

11. P R O D U C T & C O M P A N Y O V E R V I E W
How I can improve existing
applications with less effort? What providers / team
performs best?
What is the most suitable supplier for
a technology or business area?
Which apps can go
on to testing phase?
Is there a
supplier risk?
In which business area
should I invest more?
What business areas and apps are
more prone to security vulnerabilities?
What would be the required effort if we
want to get the most benefit when fixing
defects and vulnerabilities? How does the behavior of a provider
affect my Time To Market?
How do I establish a technical SLA
to a development provider?

12. P R O D U C T & C O M P A N Y O V E R V I E W
With an increasing
dependence on complex
applications and
infrastructures, you need
the overall picture.
To make informed
decisions, Kiuwan offers a
suite of products to solve
your Security, Code
Analysis, Application
Architecture, Life Cycle and
Governance needs, offering
an Enterprise ready
end-to-end platform.

13. P R O D U C T & C O M P A N Y O V E R V I E W
The Kiuwan product platform
CODE ANALYSIS
CODE SECURITY
ARCHITECTURE
LIFE CYCLE
GOVERNANCE
(*) July 2017

14. P R O D U C T & C O M P A N Y O V E R V I E W
CODE ANALYSIS
Kiuwan Code Analysis offers developers unparalleled
scope in the detection of errors and reduction of incidents
during production, smoothly integrating within continuous
development processes.
Identify code defects in a collaborative, unlocalized
manner and manage your remediation efforts. Includes a
models visual configurator and tailored reports.
Analyze more than 30 languages, such as…
Gain unparalleled scope with extraordinary ease

15. P R O D U C T & C O M P A N Y O V E R V I E W
CODE ANALYSIS
Highlights
• No installation.
• No configuration.
• Collaborative platform between development teams and software vendors. Create all the users you need.
• Reduces production incidents and errors detected in early tests performing validations of source code.
• It reduces development time making your development teams and suppliers comply with market standards.
• The code never leaves your infrastructure (behind the firewall) using the local analyzer.
• Visual configurator to create models to select the rules and properties of the analyzer.
• Generation of indicators to make comparisons and measure developments and trends.
• Technical debt reduction. Manages the effort needed to correct the major flaws found.
• Make automatic or manual action plans and perform an automated monitoring of its implementation.
• Analyze continuously with Jenkins every time you build your application.
• Complete history of your analyses.
• Differential reports to find out what defects have been introduced or removed in each version.
• Editor deletions (defects mute) that recalculates metrics and indicators without having to re-analyze.
• Grouping or filtering application portfolios to facilitate data analysis.
• Code Analysis engine can also run PMD, Checkstyle and Findbugs rules.
• Develop your own coding rules using Code Analysis development of rules and SDK for Eclipse.
• Import defect metrics from external analyzers and enjoy the capabilities Code Analysis offers with that data: mute defects,
action plans, setting rules, etc.
• PDF report generation at executive level.
• CSV generation with defects and metrics.
• Export an action plan to Jira, PDF or CSV.

16. P R O D U C T & C O M P A N Y O V E R V I E W
Code Analysis enforces a rigorous approach in the detection of
security vulnerabilities.
Integrated in the development process, Kiuwan’s Code
Analysis provides risk and cost reduction thanks to the
detection and correction of newly introduced vulnerabilities, as
well as increasing the overall security of your applications. We
strive to meet the most stringent requirements and our
compliance reports meet the most stringent market standards:
CODE SECURITY
Focusing on security

17. P R O D U C T & C O M P A N Y O V E R V I E W
Security highlights
• Polyglot: Up to 30
programming languages
• Version comparison of
vulnerabilities introduced or
corrected during maintenance
projects.
• Generate custom action plans
and automatically evaluate
their enforcement.
• Perform audits to meet code
standards and regulatory
requirements.
• Security risk rating at
application level.
• Improve team scalability.
• Custom rule creation
• Incremental scan
• Seamless IDE & SDLC
integration
Vulnerabilities
• Uninitialized Variables
• Application Misconfiguration
• Credential/Session Prediction
• Directory Indexing
• Insufficient Authorization/Authentication
• Automatic Reference Counting
• Cross Site Request Forgery
• Information Leakage
• Insufficient Transport Layer Protection
• Insufficient Binary Protection
• Cross Site Scripting
• Injection Attacks
Reliability issues
• Data Race
• Deadlock
• Null-Pointer dereference
• Division by zero
• Interprocess Communication
• OS Commanding
• Insecure Cryptography
• SQL injection
• Cryptographic Related Attacks
• Buffer Overrun
• Free Non-Heap Variable
• Use After-Free
• Double Free/Close
• Format String Vulnerability
• Return Pointer To Local
• Double close
• Dangerous Function Cast
• Resource Leak
CODE SECURITY

18. P R O D U C T & C O M P A N Y O V E R V I E W
ARCHITECTURE
Full visibility into applications’ architecture
Kiuwan Architecture automatically creates visual
application maps based on the dependencies an
relationships of all their components. Works
seamlessly with Kiuwan Code Analysis and Code
Security to have all the security and quality
information of individual components right on
the map.
Be in full control of your applications’ structure
and run comprehensive impact analysis to find
the components affected by any future change

19. P R O D U C T & C O M P A N Y O V E R V I E W
LIFE CYCLE
Full end-to-end control
Kiuwan Life Cycle sensibly reduces development
time, testing & integration prematurely by
auditing, monitoring and automatically analyzing
change requests within their respective
environments.
Be in full control of your applications’ deliveries
from the start, with the ability to compare
baseline modifications in order to detect new
defects during the development process.

20. P R O D U C T & C O M P A N Y O V E R V I E W
LIFE CYCLE
Highlights
• Monitor the base of your application online.
• Define checkpoints and audits tailored to each type of project or change request.
• Promotion analysis baseline delivery after acceptance of deliverable without rescanning. Change
request promotion to baseline after acceptance of deliverable without rescanning.
• Independent environments based on views to compare different versions of applications. VIews to
compare different versions of applications in independent environments (Dev, test, production, etc.)
• State management for change requests or development projects (in progress, resolved, etc).
• Decide whether the status of the new versions is right to promote objective information using
applications.
• Automatically check control points continuously during the construction or maintenance phases to
ensure that applications do not degrade over time after modifications.
• Automate the entire process making Life Cycle connect with your continuous integration system (eg.
Jenkins).
• Define permissions and roles for your users. Control what information and what actions every member
of the team can perform.
• Reporting with defaults and effort required to repair deliveries.
• Control the work being done by each development team or each software vendor.
• Generate reports in PDF with detailed info on non-conformant deliveries delivery breaches.

21. P R O D U C T & C O M P A N Y O V E R V I E W
GOVERNANCE
Executive overview all the way to the deepest insights
The most complete tool in the market to manage
your application portfolio. Executive overview all
the way to the deepest insights.
Make fast and reliable decisions that will help the
entire team.
Learn your risks and anticipate them with the
ability to measure the productivity and activity
of your team or external providers to negotiate
your SLA’s, understanding their path and
enjoying a unique vantage point.

22. P R O D U C T & C O M P A N Y O V E R V I E W
GOVERNANCE
Highlights
• Filter and group applications by portfolios created at any time. Filter and group information by applications portfolios at
any time.
• Analyze the most important business risks.
• Compare different portfolios of applications for important information about suppliers, business areas, equipment or
technology development.
• Detect risky applications using different decision quadrants:
• Detect business risks.
• Detect production risks.
• Detect applications and portfolios with low maintainability index.
• Detect applications and portfolios with potential security vulnerabilities.
• Analyze the evolution of your portfolio of applications to predict early form where they will become problems.
• Record the activity of your development teams and software vendors, both in application and maintenance projects or
change requests.
• Compare number of rejected deliveries from suppliers.
• Detect deviations from suppliers in compliance with industry standards.
• Full historical information to know what was the exact situation at any given point in time.
• Cross-reference data from different application portfolios.
• Define permissions and roles for your users. Control what information and what actions every member of the team can
perform.
• Reporting of government meetings in PDF.
• Define service-level agreements (SLA) to be met by each provider and verify compliance.
• Measure and compare the level of productivity of each team member in a given time interval.

23. P R O D U C T & C O M P A N Y O V E R V I E W
Headquarters
2600 Lake Lucien Drive Suite 115 Maitland. FL 32751. USA
---------------------------
+1 9045 123 050 (USA)
contact@kiuwan.com
partners@kiuwan.com
---------------------------
Try Kiuwan Software Analytics for free at kiuwan.com