Case Study: BMC Software achieves early detection of security vulnerabilities and memory-management issues with Rogue Wave Software (Klocwork)

Addressing security vulnerabilities and memory management problems early in the development process

BMC Software’s Action Request product is a mature, enterprise management platform written in C, C++ and Java that must run continuously for months. Over time BMC faced growing support cases tied to memory management issues, heap/stack corruption and potential security vulnerabilities exposed via its published API. To address these quality and security challenges, BMC evaluated static analysis solutions and selected Rogue Wave Software’s Klocwork source code analysis toolset.

Rogue Wave Software’s Klocwork was integrated into developers’ IDEs for on‑the‑fly analysis and included architecture visualization for impact assessment. By requiring Klocwork checks before code check‑in, enabling immediate desktop detection of defects (instead of waiting hours or days), and using its reporting and architecture inspection during patching, BMC improved in‑phase defect containment, accelerated vulnerability discovery, and strengthened overall reliability and patch safety.

BMC Software

Samuel Dillon

Lead Developer