Mark Grice is a pretty unflappable guy, but when you ask him a question about barriers to successful adoption of Source Code Analysis (SCA) technology, he starts to splutter. “There are things I see over and over that make me want to bang my head against a wall,” says the Klocwork Director and Manager of our International Reseller/Partner Network. For the past nine years, Grice has helped companies from around the world to successfully implement SCA. There are many companies that deploy SCA tools and reap their ROI, but there are others that can’t get
I like developers. I have spent a career hiring, motivating, confusing, annoying and retaining developers. I am not going to go so far as to say I understand you guys, but I do know what makes a good developer. More importantly, I know what makes someone a bad fit for the team I am recruiting for. First impressions are important. Yeah, I know, it sucks and your technical prowess should speak for itself, but it doesn’t. Let’s face it, if you forget the “L” in Klocwork in your cover letter, I’m laughing too hard to
In the spirit of the FIFA 2010 World Cup, I thought it would be fitting to describe how software developers can relate to the game. Announcers – Have you ever really listened to what the announcers say? One of my favorite things to listen to is the very opinionated soccer announcers. Some of the things they say just make me laugh. For example, when the announcer was describing the uncertainty of the game – “There’s one thing for certain, there is no score.” or in this year’s World Cup describing a slow and boring game
With the recent story that the iPad has inherent security vulnerabilities, I thought it might be an appropriate time to delve into the world of software security guidelines…but I must warn you, this blog will contain an abnormal amount of acronyms, and may not be suitable for all audiences. When talking about software security guidelines, there are really 5 or 6 organizations that are leading the charge, and they include:
- OWASP
- SANS Institute
- MITRE
- PCI Security Standards Council
- SEI

Let’s first look at OWASP. OWASP stands for Open Web Application
A while back, I talked about how I keep running into organizations that seem to go out of their way to make developers’ lives hell. I’ve run into several examples where developers had to switch between different environments just to write and compile code. That’s as productive as watching paint dry and as much fun as rearranging the deck chairs on the Titanic. For teams that want to run source code analysis in these types of environments (or any kind of dev tooling, frankly) it’s very difficult for vendors to support. I did my usual
It’s often taken as read that developers think code reviews are just a pain in the behind. Maybe that sentiment is true when a developer’s sitting amongst his/her peers and getting interrogated on the quality of their code, but some of the data from a Forrester Consulting study commissioned by Klocwork seems to contradict that a bit. The survey asked software development professionals a whole bunch of questions related to code reviews (some of which we’ve referenced before) and here are two interesting data points that suggest developers see real benefits from code reviews. So