Posts Tagged ‘Nasty Bugs’

  • To report, or not to report…

    on Jun 6, 11 • by Gwyn Fisher • with No Comments

    To report, or not to report…

    Creating a source code analysis (SCA) engine is a balancing act, a decision process of where you believe the most value can be found along the spectrum that is the signal-to-noise ratio of the detection process. At one end lies the realm of massive noise and hopefully complete coverage, whilst at the other is the quiet calm of the theoretically useful but ultimately useless realm of no noise, but ultimately no signal either. That may sound counter-intuitive. Shouldn’t a zero noise point on the spectrum be accompanied by an infinitely strong signal? Perhaps in the

    Read More »
  • Dealing with a different type of backlog…your bug backlog

    on Feb 3, 11 • by Todd Landry • with 2 Comments

    Dealing with a different type of backlog…your bug backlog

    As a product manager, the only backlog I typically care about is my product backlog. Do I have the right stories in there? Do the stories have enough detail? Are they properly prioritized? You know, that kind of stuff. Today, however, I’m going to write about a very different backlog, that is the static analysis defect backlog. A static analysis backlog is created when you run a static analysis product on your code base for the very first time. Chances are pretty good that the first analysis is going to list a large number of defects,

    Read More »
  • Patterns of Bugs

    on Jan 18, 11 • by Brendan Harrison • with 1 Comment

    Patterns of Bugs

    Nice blog post from Walter Bright over at Dr. Dobbs on the Patterns of Bugs. He ties together bug patterns, recommended process changes, and the resulting productivity payoff from making these improvements. He recommends a bunch of process changes, including static analysis, code reviews, and coding standards, then goes on to review examples of different bug patterns. A few can be detected with static analysis (coding mistakes as written) but many are errors with the code as intended (something static analysis doesn’t check… that’s what testing is for). His main recommendation seems to be that

    Read More »
  • PM Thoughts on Code Reviews

    on Nov 9, 10 • by Todd Landry • with No Comments

    PM Thoughts on Code Reviews

    While I may not be the most active Twitter-er in the world, the one thing I have noticed is that there is an awful lot of activity around the term “code review” lately. Since code reviews have become a widely used practice, I thought I would share one of my experiences about code reviews with you, from a product manager perspective. In my first Agile team, many years ago, it was tabled (in our retrospective meeting after a couple of Sprints) that code reviews should be added to our definition of “Done”.  Let’s just say

    Read More »
  • Multicore exposes more frog versus snake (deadlock) bugs

    on Sep 30, 10 • by Eric Hollebone • with 2 Comments

    Multicore exposes more frog versus snake (deadlock) bugs

    Continuing the discussion about the embedded community moving to muticore/hetrogeneous hardware from watch out here comes multicore, embedded software development teams have historically been shielded from mulitcore issues. This is due to the specialized functionality of many embedded application classes and the inherent serialized nature of the C language.[1] Muticore is an ambiguous term for software developers and one they don’t really use; software developers think in terms of threads/processes and concurrency, not how many cores or processors are available on the target. Concurrency is not a new topic either as Mark Smotherman captured in a history of multithreading, it has been a

    Read More »
  • Google offers cash reward for finding bugs in Chrome

    on Feb 5, 10 • by Eric Hollebone • with 1 Comment

    Google offers cash reward for finding bugs in Chrome

    As Google Chrome climbs out of obscurity in the browser market and expands into a light-weight but fully functional OS, security seems to have become a top of mind issue over at chromium headquarters. In the Chromium Blog, Chris Evans of Chrome Security announced a cash for bugs initiative, paying between 500 and 1337 USD depending on the severity for any previously undiscovered flaw.  I am glad to see Google encouraging the community at large to participate in hardening my current browser of choice.  As Chris points out, Mozilla was one of the first to embark on this type of

    Read More »
  • Going Agile Part 4 – Iteration 1: The Good, The Bad, and the Ugly

    on Jan 19, 10 • by Todd Landry • with 1 Comment

    Going Agile Part 4 – Iteration 1: The Good, The Bad, and the Ugly

    I just couldn’t resist using the classic spaghetti Western as the title for this installment of my Going Agile series because it a) it was an awesome movie, and b) it truly sums up that 1st iteration of ours. My last post was all about the 1st iteration planning meeting, and how it was such an exciting and productive time for our team. We came out of that meeting a little weary, but extremely motivated to get to work. We were also just a tad naive. The next 2 weeks were a roller coaster as

    Read More »
  • From Static Analysis to 0day Exploit – a demonstration

    on Dec 9, 09 • by Eric Hollebone • with No Comments

    I have always been fascinated by the whole area of code vulnerabilities and security exploits and how hackers turn those issues into real-world problems for the rest of us. Jeremy Brown posted an interesting article on Jeremy’s Computer Security blog where he uses his security know-how to draw a straight line between a software vulnerability found with static analysis and a real 0day exploit on an open source project called gAlan. Jeremy takes us on a short journey where he finds an unprotected buffer with static analysis, creates an exploit payload to cause a buffer overrun, rewrites the

    Read More »
  • “I’m gonna write me a new minivan” – is zero software bugs the right goal?

    on Oct 27, 09 • by Eric Hollebone • with 2 Comments

    “I’m gonna write me a new minivan” – is zero software bugs the right goal?

    I have always loved “I’m gonna write me a new minivan”  from Scott Adams.  To me, it never gets old.  Originally published in 1998, the theme that applied then still does today: driving 100% of defects or bugs out of the code-base is a laudable goal, but is it really the right one?   I would have to argue no.  There’s no silver bullet out there that will find all software defects and solve issues automagically, and until there is, software development will continue to struggle with prioritization.  Unfortunately, we live in a world of finite resources and constantly evolving demands,

    Read More »
  • Top 5 Java quality bugs

    on Oct 13, 09 • by Alen Zukich • with No Comments

    In a previous posts I reviewed the Top 5 C/C++ and Top 5 C# quality bugs that I that I see time and time again looking at customer code. I wrote my Java Top 5 with an embedded programming focus and the folks at www.embedded.com decided to publish it on their site. Here’s a snippet below and the full Top 5 Java bugs article can be found here. While C dominates as the programming language of choice for embedded development, the use of Java is definitely on the rise. In fact, according to a recent

    Read More »
Scroll to top