Posts Tagged ‘Software Quality’

  • Lessons learned from localization Part 3: Test and then test some more

    on Oct 11, 12 • by Patti Murphy • with 3 Comments

    “Take nothing for granted,” is the mantra of every software tester. Add localization to the mix and the level of vigilance goes into hyperdrive. In the spirit of helping others avoid needless pain, I launched this Lessons learned from localization series. In Part 1, we explored documentation pain and coping strategies. Part 2 was development discomfort and solutions. In this final installment, we explore the lessons learned by our testing department, who are known for being generous to a fault, as in “here’s a PR for you, and you, and you…” For this post,

  • Answering questions about your code base — Part 2

    on Apr 2, 12 • by Patti Murphy • with No Comments

    In this continuing story about the journey to source code awesomeness, we left off at the point where we identified priority defect types for your organization, kicked off pre-checkin static analysis on developer desktops and saw build-over-build improvements in our trending reports as a result. The next question we tackle here is: What is my cost of ownership? The answer, my friend, is not blowing in the wind, it’s in your Complexity Trend report: Why there? you might ask. Well, it’s because there’s a straight-line correlation between the complexity of a function and its cost per

  • Answering questions about your code base – Part 1

    on Feb 8, 12 • by Patti Murphy • with 1 Comment

    Static analysis captures the current state of your code base and helps you answer key questions about the quality, security and maintainability of your software project. Think Magic 8 Ball with build omniscience and powerful reporting tools. OK, maybe Magic 8 Ball isn’t a good analogy. Answers to what questions, you ask? One we often hear from customers is: Where do I start? A good place to start is a report that captures the distribution of defect types from your current build.  For example, we recommend that our customers glance over the Top 10 Issues

  • Golden rules of AST checker development

    on Jan 24, 12 • by Patti Murphy • with No Comments

    In my previous post, It’s time to create a custom checker…, we looked at the considerations involved in deciding which checker to create–AST or path? In this post, we’re going to use a custom checker to enforce an internal coding standard that extends the default set of checkers in our source code analysis tool. To do this, I’ve called upon Steve Howard, our head of Partner Support in Europe, to get us started with an AST checker to accomplish our goal. Steve has coached many customers through the checker creation process. In his experience, the

  • The Evolution of Static Code Analysis – Part 3: The Present Day

    on Jun 8, 11 • by Todd Landry • with 1 Comment

    My first 2 posts looked at 2 different eras of Static Code Analysis, the Early Years and the Early 21st Century. The SCA solutions of these times were revolutionary, and helped software development teams a great deal. But they had their warts. In the final post in this series, I’m going to introduce you to the present day Static Code Analysis technology and how it is impacting developers. The Present Day I’m a huge fan of Reece’s Peanut Butter Cups. I love them. I keep active so I don’t feel guilty eating them. In a

  • To report, or not to report…

    on Jun 6, 11 • by Gwyn Fisher • with No Comments

    Creating a source code analysis (SCA) engine is a balancing act, a decision process of where you believe the most value can be found along the spectrum that is the signal-to-noise ratio of the detection process. At one end lies the realm of massive noise and hopefully complete coverage, whilst at the other is the quiet calm of the theoretically useful but ultimately useless realm of no noise, but ultimately no signal either. That may sound counter-intuitive. Shouldn’t a zero noise point on the spectrum be accompanied by an infinitely strong signal? Perhaps in the

  • The Evolution of Source Code Analysis – Part 2: The Early 21st Century

    on May 26, 11 • by Todd Landry • with 3 Comments

    In my last post, I took us back in time to an era of bad fashion, questionable music, legendary television shows, and source code analysis tools that were made specifically for software developers. It was the 1970s. In this post, I fast forward to just after the turn of the century to discuss the next evolution of static analysis tools. The Early 21st Century Not long after we first viewed hairy-footed Hobbits on the silver screen, and the sham that was affectionately known as Y2K, a new generation of source code analysis tools emerged to

  • Klocwork Developer Network Set to Go Live

    on Mar 22, 11 • by Alan Weekes • with No Comments

    Our dilemma: How do we remove the barriers to knowledge about Klocwork's toolset, and developer best practices for creating high-quality code? The answer: Klocwork Developer Network--a new online portal designed for learning, sharing and discussing all things source code analysis.

  • Dealing with a different type of backlog…your bug backlog

    on Feb 3, 11 • by Todd Landry • with 2 Comments

    As a product manager, the only backlog I typically care about is my product backlog. Do I have the right stories in there? Do the stories have enough detail? Are they properly prioritized? You know, that kind of stuff. Today, however, I’m going to write about a very different backlog, that is the static analysis defect backlog. A static analysis backlog is created when you run a static analysis product on your code base for the very first time. Chances are pretty good that the first analysis is going to list a large number of defects,

  • Rootkitting a PLC – who would have thought they were vulnerable

    on Oct 19, 10 • by Eric Hollebone • with 2 Comments

    Part of my life has been spent in the manufacturing sector working with industrial automation devices, but the discovery of the Stuxnet virus is the first time I’ve ever heard of a virus specifically targeting and even rootkitting a PLC (programmable logic controller) or SCADA (supervisory control and data acquisition) network. When working in industrial plants, we took the standard precautions with regard to Windows viruses and even started to add virus protection for Linux, but never did it occur to any of us that the industrial automation equipment might be at risk. Whenever the subject was even brought
