“Take nothing for granted,” is the mantra of every software tester. Add localization to the mix and the level of vigilance goes into hyperdrive. In the spirit of helping others avoid needless pain, I launched this Lessons learned from localization series. In Part 1, we explored documentation pain and coping strategies. Part 2 was development discomfort and solutions. In this final installment, we explore the lessons learned by our testing department, who are known for being generous to a fault, as in “here’s a PR for you, and you, and you…” For this post,
In this continuing story about the journey to source code awesomeness, we left off at the point where we identified priority defect types for your organization, kicked off pre-checkin static analysis on developer desktops and saw build-over-build improvements in our trending reports as a result. The next question we tackle here is: What is my cost of ownership? The answer, my friend, is not blowing in the wind, it’s in your Complexity Trend report: Why there? you might ask. Well, it’s because there’s a straight-line correlation between the complexity of a function and its cost per
Static analysis captures the current state of your code base and helps you answer key questions about the quality, security and maintainability of your software project. Think Magic 8 Ball with build omniscience and powerful reporting tools. OK, maybe Magic 8 Ball isn’t a good analogy. Answers to what questions, you ask? One we often hear from customers is: Where do I start? A good place to start is a report that captures the distribution of defect types from your current build. For example, we recommend that our customers glance over the Top 10 Issues
In my previous post, It’s time to create a custom checker…, we looked at the considerations involved in deciding which checker to create–AST or path? In this post, we’re going to use a custom checker to enforce an internal coding standard that extends the default set of checkers in our source code analysis tool. To do this, I’ve called upon Steve Howard, our head of Partner Support in Europe, to get us started with an AST checker to accomplish our goal. Steve has coached many customers through the checker creation process. In his experience, the
My first 2 posts looked at 2 different eras of Static Code Analysis, the Early Years and the Early 21st Century. The SCA solutions of these times were revolutionary, and helped software development teams a great deal. But they had their warts. In the final post in this series, I’m going to introduce you to the present day Static Code Analysis technology and how it is impacting developers. The Present Day I’m a huge fan of Reece’s Peanut Butter Cups. I love them. I keep active so I don’t feel guilty eating them. In a
Creating a source code analysis (SCA) engine is a balancing act, a decision process of where you believe the most value can be found along the spectrum that is the signal-to-noise ratio of the detection process. At one end lies the realm of massive noise and hopefully complete coverage, whilst at the other is the quiet calm of the theoretically useful but ultimately useless realm of no noise, but ultimately no signal either. That may sound counter-intuitive. Shouldn’t a zero noise point on the spectrum be accompanied by an infinitely strong signal? Perhaps in the
In my last post, I took us back in time to an era of bad fashion, questionable music, legendary television shows, and source code analysis tools that were made specifically for software developers. It was the 1970s. In this post, I fast forward to just after the turn of the century to discuss the next evolution of static analysis tools. The Early 21st Century Not long after we first viewed hairy-footed Hobbits on the silver screen, and the sham that was affectionately known as Y2K, a new generation of source code analysis tools emerged to
Our dilemma: How do we remove the barriers to knowledge about Klocwork's toolset, and developer best practices for creating high-quality code? The answer: Klocwork Developer Network--a new online portal designed for learning, sharing and discussing all things source code analysis.
As a product manager, the only backlog I typically care about is my product backlog. Do I have the right stories in there? Do the stories have enough detail? Are they properly prioritized? You know, that kind of stuff. Today, however, I’m going to write about a very different backlog, that is the static analysis defect backlog. A static analysis backlog is created when you run a static analysis product on your code base for the very first time. Chances are pretty good that the first analysis is going to list a large number of defects,
Part of my life has been spent in the manufacturing sector working with industrial automation devices, but the discovery of the Stuxnet virus is the first time I’ve ever heard of a virus specifically targeting and even rootkitting a PLC (programmable logic controller) or SCADA (supervisory control and data acquisition) network. When working in industrial plants, we took the standard precautions with regard to Windows viruses and even started to add virus protection for Linux, but never did it occur to any of us that the industrial automation equipment might be at risk. Whenever the subject was even brought