We are starting to see a large number of Android phones such as the Droid and Xperia X10 (see a review here) and the (soon-to-be-released) first Google phone, Nexus One. With this, expect the number of apps to increase significantly. So with the increased number of apps, do these developers have the right tools to find and fix bugs? Take a look at the leader of phone applications: iPhone. There have been several posts (here and here) that recommend using the Clang static analyzer. Apple has taken it one step further, apparently rejecting iPhone apps that
Our new documentation wiki is up and running! For a while it seemed like we’d never do it. We have a team white board that records our panic level, and for several weeks, the level was up around “hysterical” and “wanting to open my own daycare”. We also have a white board in front of the doc area, in a hallway where everyone walks by to get to the kitchen. At one point when we were particularly frustrated with MediaWiki, the topic was “names for the new doc wiki”. A few good suggestions: Duh-Wiki, Kwiki, Wooki
I have always been fascinated by the whole area of code vulnerabilities and security exploits and how hackers turn those issues into real-world problems for the rest of us. Jeremy Brown posted an interesting article on Jeremy’s Computer Security blog where he uses his security know-how to draw a straight line between a software vulnerability found with static analysis and a real 0day exploit on an open source project called gAlan. Jeremy takes us on a short journey where he finds an unprotected buffer with static analysis, creates an exploit payload to cause a buffer overrun, rewrites the
One of the biggest challenges that any IT leader is going to have to deal with is managing developers. As a class of people, you might think that they are generally supportive of each other. But in reality, they all live by a ruthless meritocracy that borders on being vicious, especially with each other. The simple fact is that no developer, no matter how much experience they do or don’t have, likes anybody else’s code but their own. Unfortunately, the only real way to develop quality software is to let developers review each
Thought I would take a moment to share with you my experience at this year’s IP ESC show in Grenoble, France. First off, Grenoble is beautiful sitting at the foot of the French Alps. If you get the chance, go! Back to the show. This is typically the IP Show, but this year is the first that ESC has been added to the agenda. I don’t think it helped attendance-wise. From what I can tell, there are maybe 200-250 attendees in total. I spent the last couple of days sharing booth duty with our friends
Software developers and testers have some new tool choices to help with agile computing issues like velocity and automation. While agile is spotlighted in these products, practitioners of any methodology can benefit from these new products, according to vendors. Klocwork Inc., developer of automated source code analysis tools, is targeting the needs of agile development organizations with Klocwork Insight Pro, a new suite of developer tools to help boost iteration velocity throughout the software development process. The suite includes tools for continuous static analysis, collaborative peer code reviews and automated code refactoring.
The failure of the levees in New Orleans and the collapse of the I-35W bridge in Minneapolis gave many of us a greater appreciation for the importance of ensuring vital infrastructure is sound. Businesses and organizations would do well to apply these lessons to the area of software development. And many already have. Software that hasn’t been thoroughly vetted can result in lapses in safety and security, customer-affecting performance issues and lost revenue – some of the most catastrophic problems a business can face. Case in point: A major telephone company recently was working
Part I – Ode to Joy
Since the launch of the seminal “Joy” work which hopefully doesn’t need mention here, we’ve seen everything from The Joy of Cooking to The Joy of Not Working (my personal favorite!), and so further to that deeply mined vein of authoritative works we bring you the necessarily overburdened… Joy of Code Review! Joy, you say? Let me count the ways… I implement a task, using what I consider to be best practice patterns and guidelines; I slave over this, my creation, and when it’s done, I stand back
Klocwork, a provider of source code analysis tools, just released the Insight Pro suite for agile development projects. Klocwork Insight Pro checks Java, C#, C and C++ code for memory and resource leaks, security vulnerabilities, and buffer overflows. DZone interviewed Klocwork CTO, Gwyn Fisher, to get an in-depth look at Insight Pro and its static analysis engine. Insight Pro includes three tools to reduce bug debt and increase iteration speed.
Continuous static analysis
Static analysis traditionally relied on user interaction to perform code checks. Gwyn Fisher says, “Whether this is a complex server-side scripting process,