SlideShare ist ein Scribd-Unternehmen logo

Test What Matters Most

‱
‱
Remedy IT
Remedy IT

Presentation that gives an overview of how ACE/TAO/CIAO/DAnCE are using Coverity scan

Technologie
1 von 11
Downloaden Sie, um offline zu lesen
Test What Matters Most Develop Testing: Totaalvoetbal for Software Development 12th September, Amsterdam Johnny Willemsen, CTO Remedy IT jwillemsen@remedy.nl
Remedy IT Company of specialists focused on middleware and component technologies Dedicated to open standards and preferable open source Actively involved in the development of ACE/TAO/CIAO/DAnCE/OpenDDS open source software suite For more information take a look at our website www.remedy.nl 2 Copyright © Remedy IT
What is ACE? ADAPTIVE Communication Environment Open-source object-oriented (OO) framework that implements many core patterns for concurrent distributed communication software Strong adoption in the telecom, medical, aerospace, defense and financial services industries TAO, CIAO, DAnCE, and OpenDDS are products that are created on top of ACE and form together the ATCDO open source suite. 3 Copyright © Remedy IT
ACE and Coverity Scan What is Coverity Scan? ‱ Free static analysis for open source projects ‱ Find and fix defects in C/C++ or Java ‱ Tests every line of code and potential execution path ‱ Explains root cause of each defect making it easy to fix bugs ACE and Coverity Scan ‱ Joined in April 2011 ‱ Fixed 3263 defects as of September 2013 ‱ 1795 defects outstanding ‱ Defect density of 0.24 4 Copyright © Remedy IT
ACE testing challenges Goal: reduce risk through actionable, efficient testing Large, decentralized project with distributed development teams: ‱ 7.8 million lines of C++ code ‱ 20 primary developers, 100 developers committing code to the repository, 2375 developers contributed Testing a priority, but not enforceable, so most code remains untested ‱ Current overall code coverage is 27% (57% for critical components) ‱ Over 275,000 functions not fully tested including examples and other code that does not require testing 5 Copyright © Remedy IT
Creating an ENFORCEABLE test policy Many concerns before the project began ‱ Where do I start, and how do I prioritize, with so much untested code? ‱ How much real risk is there that I need to address ASAP? ‱ How do I hold developers accountable for testing their own code? ‱ How do I ensure code is tested as new features are developed? 6 Copyright © Remedy IT
Creating an ENFORCEABLE test policy ACE developed a basic Coverity Test Advisor policy to address these concerns ‱ Filtering rules to determine which code is important to test ‱ Analyzing untested code against those rules to identify missing tests and prioritize them 7 Copyright © Remedy IT
4 Step policy with a big impact 8 Step Remaining Violations Testing Policy 0 275,313 Simple line coverage All insufficiently- or un-tested functions 1 12,833 Focus on core components Premise: certain components are more important to test than others 2 2,967 Only called code (ignore uncalled) Premise: we only write tests for important functions 3 2,757 Exclude debug, logging code Premise: diagnostic messages are not important to test 4 2,588 Since 6.1: 605 Exclude error cases, prioritize violations by release Premise: testing error cases provides minimal value and it is often difficult to trigger this code Note: These numbers are for the exact same code Copyright © Remedy IT
Using Coverity ACE performs a weekly build dedicated to Coverity scan ‱ Takes 27 hours to compile all source code with gcc ‱ Takes 19 hours to analyze using Coverity scan Coverity scan analyzes the code and publishes the Scan results New issues are emailed to all developers The ACE build czar will enforce that any new issue gets resolved by the original developer Supports our goal that quality increases weekly and never decreases 9 Copyright © Remedy IT
Addressing the issues Test violations in the core code are most important Try to resolve high priority violations with funding through maintenance and support When resolving bugs, test violations are used to focus the new unit tests on what is really needed When adding a feature to ACE, Test Advisor is used to determine that the feature is well tested After a decrease in number of test violations, the basic Test Advisor policy can be relaxed 10 Copyright © Remedy IT
Want to know more? Remedy IT Postbus 81 6930 AB Westervoort The Netherlands tel.: +31(0)88 053 0000 e-mail: sales@remedy.nl website: www.remedy.nl Twitter: @RemedyIT Slideshare: RemedyIT Subscribe to our mailing list Join Coverity Scan 11 Copyright © Remedy IT

Empfohlen

DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter Chestna
DevSecCon
 
Building Production-Ready Microservices: DevopsExchangeSF
Building Production-Ready Microservices: DevopsExchangeSFBuilding Production-Ready Microservices: DevopsExchangeSF
Building Production-Ready Microservices: DevopsExchangeSF
Michael Kehoe
 
From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaFrom rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter Chestna
DevSecCon
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure Culture
WhiteSource
 
DevSecOps outline
DevSecOps outlineDevSecOps outline
DevSecOps outline
Nickleus Jimenez
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge 
WhiteSource
 
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24
 

Empfohlen

DEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journeyDEVSECOPS: Coding DevSecOps journey
DEVSECOPS: Coding DevSecOps journey
Jason Suttie
 
Devops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter ChestnaDevops: Security's big opportunity by Peter Chestna
Devops: Security's big opportunity by Peter Chestna
DevSecCon
 
Building Production-Ready Microservices: DevopsExchangeSF
Building Production-Ready Microservices: DevopsExchangeSFBuilding Production-Ready Microservices: DevopsExchangeSF
Building Production-Ready Microservices: DevopsExchangeSF
Michael Kehoe
 
From rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter ChestnaFrom rogue one to rebel alliance by Peter Chestna
From rogue one to rebel alliance by Peter Chestna
DevSecCon
 
Open Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure CultureOpen Source Security: How to Lay the Groundwork for a Secure Culture
Open Source Security: How to Lay the Groundwork for a Secure Culture
WhiteSource
 
DevSecOps outline
DevSecOps outlineDevSecOps outline
DevSecOps outline
Nickleus Jimenez
 
Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge Open Source Security at Scale- The DevOps Challenge 
Open Source Security at Scale- The DevOps Challenge 
WhiteSource
 
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOpsOutpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24 webinar - Why security perfection is the enemy of DevSecOps
Outpost24
 
ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
Agile Testing Alliance
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
Rogue Wave Software
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next Level
WhiteSource
 
Automating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CDAutomating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CD
rkadayam
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
Mohammed A. Imran
 
Your Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOpsYour Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOps
DevOps.com
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
WhiteSource
 
Amy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOps
SeniorStoryteller
 
Interact Differently: Get More From Your Tools Through Exposed APIs
Interact Differently: Get More From Your Tools Through Exposed APIsInteract Differently: Get More From Your Tools Through Exposed APIs
Interact Differently: Get More From Your Tools Through Exposed APIs
Kevin Fealey
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowTackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to Know
WhiteSource
 
The DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleThe DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at Scale
DevOps.com
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource Webinar
WhiteSource
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
DevOps.com
 
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
 
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CDSynopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Software Integrity Group
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...
WhiteSource
 
Simplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsSimplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security Tools
Kevin Fealey
 
DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together Log
Stefan Streichsbier
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps Adoption
Mark Rendell
 
Model Driven, Component Based Development for CBDDS and IDL to C++11
Model Driven, Component Based Development for CBDDS and IDL to C++11Model Driven, Component Based Development for CBDDS and IDL to C++11
Model Driven, Component Based Development for CBDDS and IDL to C++11
Remedy IT
 
IDL to C++11 OMG RTWS presentations
IDL to C++11 OMG RTWS presentationsIDL to C++11 OMG RTWS presentations
IDL to C++11 OMG RTWS presentations
Remedy IT
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
rkadayam
 
Your Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOpsYour Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOps
DevOps.com
 
Interact Differently: Get More From Your Tools Through Exposed APIs
Interact Differently: Get More From Your Tools Through Exposed APIsInteract Differently: Get More From Your Tools Through Exposed APIs
Interact Differently: Get More From Your Tools Through Exposed APIs
Kevin Fealey
 
The DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleThe DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at Scale
DevOps.com
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
DevOps.com
 
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
DevOps.com
 
Simplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsSimplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security Tools
Kevin Fealey
 
DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together Log
Stefan Streichsbier
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps Adoption
Mark Rendell
 

Was ist angesagt? (20)

ATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real WorldATAGTR2017 Security Testing / IoT Testing in Real World
ATAGTR2017 Security Testing / IoT Testing in Real World
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
Taking Open Source Security to the Next Level
Taking Open Source Security to the Next LevelTaking Open Source Security to the Next Level
Taking Open Source Security to the Next Level
 
Automating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CDAutomating OWASP Tests in your CI/CD
Automating OWASP Tests in your CI/CD
 
[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities[DevSecOps Live] DevSecOps: Challenges and Opportunities
[DevSecOps Live] DevSecOps: Challenges and Opportunities
 
Your Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOpsYour Resolution for 2018: Five Principles For Securing DevOps
Your Resolution for 2018: Five Principles For Securing DevOps
 
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
5 Things Every CISO Needs To Know About Open Source Security - A WhiteSource ...
 
Amy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOpsAmy DeMartine - 7 Habits of Rugged DevOps
Amy DeMartine - 7 Habits of Rugged DevOps
 
Interact Differently: Get More From Your Tools Through Exposed APIs
Interact Differently: Get More From Your Tools Through Exposed APIsInteract Differently: Get More From Your Tools Through Exposed APIs
Interact Differently: Get More From Your Tools Through Exposed APIs
 
Tackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to KnowTackling the Risks of Open Source Security: 5 Things You Need to Know
Tackling the Risks of Open Source Security: 5 Things You Need to Know
 
The DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at ScaleThe DevOps Challenge: Open Source Security at Scale
The DevOps Challenge: Open Source Security at Scale
 
The State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource WebinarThe State of Open Source Vulnerabilities - A WhiteSource Webinar
The State of Open Source Vulnerabilities - A WhiteSource Webinar
 
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and DevelopersThe DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
The DevSecOps Showdown: How to Bridge the Gap Between Security and Developers
 
Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline Scale DevSecOps with your Continuous Integration Pipeline
Scale DevSecOps with your Continuous Integration Pipeline
 
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CDSynopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
Synopsys Security Event Israel Presentation: Making AppSec Testing Work in CI/CD
 
Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...Winning open source vulnerabilities without loosing your deveopers - Azure De...
Winning open source vulnerabilities without loosing your deveopers - Azure De...
 
Simplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security ToolsSimplify Dev with Complicated Security Tools
Simplify Dev with Complicated Security Tools
 
DevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together LogDevSecOps in 2031: How robots and humans will secure apps together Log
DevSecOps in 2031: How robots and humans will secure apps together Log
 
Scaling DevOps Adoption
Scaling DevOps AdoptionScaling DevOps Adoption
Scaling DevOps Adoption
 

Andere mochten auch

F6COM: A Case Study in Extending Container Services through Connectors
F6COM: A Case Study in Extending Container Services through ConnectorsF6COM: A Case Study in Extending Container Services through Connectors
F6COM: A Case Study in Extending Container Services through Connectors
Remedy IT
 
Test What Matters Most
Test What Matters MostTest What Matters Most
Test What Matters Most
Remedy IT
 
CORBA Programming with TAOX11/C++11 tutorial
CORBA Programming with TAOX11/C++11 tutorialCORBA Programming with TAOX11/C++11 tutorial
CORBA Programming with TAOX11/C++11 tutorial
Remedy IT
 
A real-time middleware and component model for a fractionated spacecraft
A real-time middleware and component model for a fractionated spacecraft A real-time middleware and component model for a fractionated spacecraft
A real-time middleware and component model for a fractionated spacecraft
Remedy IT
 

Andere mochten auch (19)

Model Driven, Component Based Development for CBDDS and IDL to C++11
Model Driven, Component Based Development for CBDDS and IDL to C++11Model Driven, Component Based Development for CBDDS and IDL to C++11
Model Driven, Component Based Development for CBDDS and IDL to C++11
 
IDL to C++11 OMG RTWS presentations
IDL to C++11 OMG RTWS presentationsIDL to C++11 OMG RTWS presentations
IDL to C++11 OMG RTWS presentations
 
Component Technologies for Fractionated Satellites
Component Technologies for Fractionated SatellitesComponent Technologies for Fractionated Satellites
Component Technologies for Fractionated Satellites
 
F6COM: A Case Study in Extending Container Services through Connectors
F6COM: A Case Study in Extending Container Services through ConnectorsF6COM: A Case Study in Extending Container Services through Connectors
F6COM: A Case Study in Extending Container Services through Connectors
 
UCM Initial Submission presentation
UCM Initial Submission presentationUCM Initial Submission presentation
UCM Initial Submission presentation
 
CCM5 RTWS 2012
CCM5 RTWS 2012CCM5 RTWS 2012
CCM5 RTWS 2012
 
Evolution from LwCCM to UCM
Evolution from LwCCM to UCMEvolution from LwCCM to UCM
Evolution from LwCCM to UCM
 
Remedy IT Initial Submission for the Unified Component Model (UCM) for Distri...
Remedy IT Initial Submission for the Unified Component Model (UCM) for Distri...Remedy IT Initial Submission for the Unified Component Model (UCM) for Distri...
Remedy IT Initial Submission for the Unified Component Model (UCM) for Distri...
 
AMI4CCM_IDL2CPP
AMI4CCM_IDL2CPPAMI4CCM_IDL2CPP
AMI4CCM_IDL2CPP
 
IDL to C++11 revised submission presentation
IDL to C++11 revised submission presentationIDL to C++11 revised submission presentation
IDL to C++11 revised submission presentation
 
AMI4CCM revised submission presentation
AMI4CCM revised submission presentationAMI4CCM revised submission presentation
AMI4CCM revised submission presentation
 
Test What Matters Most
Test What Matters MostTest What Matters Most
Test What Matters Most
 
Comparing IDL to C++ with IDL to C++11
Comparing IDL to C++ with IDL to C++11Comparing IDL to C++ with IDL to C++11
Comparing IDL to C++ with IDL to C++11
 
Request For Proposal Unified Component Model for Distributed, Real-Time and E...
Request For Proposal Unified Component Model for Distributed, Real-Time and E...Request For Proposal Unified Component Model for Distributed, Real-Time and E...
Request For Proposal Unified Component Model for Distributed, Real-Time and E...
 
Unified Component Model for Distributed, Real- Time and Embedded Systems Requ...
Unified Component Model for Distributed, Real- Time and Embedded Systems Requ...Unified Component Model for Distributed, Real- Time and Embedded Systems Requ...
Unified Component Model for Distributed, Real- Time and Embedded Systems Requ...
 
CORBA Programming with TAOX11/C++11 tutorial
CORBA Programming with TAOX11/C++11 tutorialCORBA Programming with TAOX11/C++11 tutorial
CORBA Programming with TAOX11/C++11 tutorial
 
A real-time middleware and component model for a fractionated spacecraft
A real-time middleware and component model for a fractionated spacecraft A real-time middleware and component model for a fractionated spacecraft
A real-time middleware and component model for a fractionated spacecraft
 
Revised submission for Unified Component Model (UCM) for Distributed, Real-Ti...
Revised submission for Unified Component Model (UCM) for Distributed, Real-Ti...Revised submission for Unified Component Model (UCM) for Distributed, Real-Ti...
Revised submission for Unified Component Model (UCM) for Distributed, Real-Ti...
 
AXCIOMA, the internals, the component framework for distributed, real-time, a...
AXCIOMA, the internals, the component framework for distributed, real-time, a...AXCIOMA, the internals, the component framework for distributed, real-time, a...
AXCIOMA, the internals, the component framework for distributed, real-time, a...
 

Ähnlich wie Test What Matters Most

Quality Engineering and Testing with TMAP in DevOps IT delivery
Quality Engineering and Testing with TMAP in DevOps IT deliveryQuality Engineering and Testing with TMAP in DevOps IT delivery
Quality Engineering and Testing with TMAP in DevOps IT delivery
Rik Marselis
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle software
Rogue Wave Software
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
FINOS
 

Ähnlich wie Test What Matters Most (20)

How to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less timeHow to achieve security, reliability, and productivity in less time
How to achieve security, reliability, and productivity in less time
 
Quality Engineering and Testing with TMAP in DevOps IT delivery
Quality Engineering and Testing with TMAP in DevOps IT deliveryQuality Engineering and Testing with TMAP in DevOps IT delivery
Quality Engineering and Testing with TMAP in DevOps IT delivery
 
How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks How to go from waterfall app dev to secure agile development in 2 weeks
How to go from waterfall app dev to secure agile development in 2 weeks
 
Create code confidence for better application security
Create code confidence for better application security Create code confidence for better application security
Create code confidence for better application security
 
Programming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT worldProgramming languages and techniques for today’s embedded andIoT world
Programming languages and techniques for today’s embedded andIoT world
 
How BDD enables True CI/CD
How BDD enables True CI/CDHow BDD enables True CI/CD
How BDD enables True CI/CD
 
Continuous delivery test strategies
Continuous delivery test strategiesContinuous delivery test strategies
Continuous delivery test strategies
 
Test Driven Development - Overview and Adoption
Test Driven Development - Overview and AdoptionTest Driven Development - Overview and Adoption
Test Driven Development - Overview and Adoption
 
Code coverage
Code coverageCode coverage
Code coverage
 
Code Coverage
Code CoverageCode Coverage
Code Coverage
 
Quality for DevOps teams - Quality engineering in the DevOps culture
Quality for DevOps teams - Quality engineering in the DevOps cultureQuality for DevOps teams - Quality engineering in the DevOps culture
Quality for DevOps teams - Quality engineering in the DevOps culture
 
DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)DevSecOps - It can change your life (cycle)
DevSecOps - It can change your life (cycle)
 
AEM.Design - Project Introduction
AEM.Design - Project IntroductionAEM.Design - Project Introduction
AEM.Design - Project Introduction
 
Adopting Agile
Adopting AgileAdopting Agile
Adopting Agile
 
Software Development Standard Operating Procedure
Software Development Standard Operating Procedure Software Development Standard Operating Procedure
Software Development Standard Operating Procedure
 
Top 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle softwareTop 5 best practice for delivering secure in-vehicle software
Top 5 best practice for delivering secure in-vehicle software
 
How a Mortgage Company is Transforming Their Business with Continuous Delivery
How a Mortgage Company is Transforming Their Business with Continuous DeliveryHow a Mortgage Company is Transforming Their Business with Continuous Delivery
How a Mortgage Company is Transforming Their Business with Continuous Delivery
 
Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?Are your DevOps and Security teams friends or foes?
Are your DevOps and Security teams friends or foes?
 
The Essentials Of Test Driven Development
The Essentials Of Test Driven Development The Essentials Of Test Driven Development
The Essentials Of Test Driven Development
 
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...Managing the Software Supply Chain: Policies that Promote Innovation While Op...
Managing the Software Supply Chain: Policies that Promote Innovation While Op...
 

Mehr von Remedy IT

Mehr von Remedy IT (19)

Integrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approachIntegrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approach
 
AXCIOMA, the component framework for distributed, real-time and embedded systems
AXCIOMA, the component framework for distributed, real-time and embedded systemsAXCIOMA, the component framework for distributed, real-time and embedded systems
AXCIOMA, the component framework for distributed, real-time and embedded systems
 
AXCIOMA, the internals, the component framework for distributed, real-time, a...
AXCIOMA, the internals, the component framework for distributed, real-time, a...AXCIOMA, the internals, the component framework for distributed, real-time, a...
AXCIOMA, the internals, the component framework for distributed, real-time, a...
 
Remedy IT Company presentation
Remedy IT Company presentationRemedy IT Company presentation
Remedy IT Company presentation
 
CORBA Programming with TAOX11/C++11 tutorial
CORBA Programming with TAOX11/C++11 tutorialCORBA Programming with TAOX11/C++11 tutorial
CORBA Programming with TAOX11/C++11 tutorial
 
Comparing IDL to C++ with IDL to C++11
Comparing IDL to C++ with IDL to C++11Comparing IDL to C++ with IDL to C++11
Comparing IDL to C++ with IDL to C++11
 
Integrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approachIntegrating DDS into AXCIOMA, the component approach
Integrating DDS into AXCIOMA, the component approach
 
Modernizing SCA through new Object Management Group (OMG) standards
Modernizing SCA through new Object Management Group (OMG) standardsModernizing SCA through new Object Management Group (OMG) standards
Modernizing SCA through new Object Management Group (OMG) standards
 
Modernizing SCA through new Object Management Group (OMG) standards
Modernizing SCA through new Object Management Group (OMG) standardsModernizing SCA through new Object Management Group (OMG) standards
Modernizing SCA through new Object Management Group (OMG) standards
 
ACE/TAO/CIAO/DAnCE Maintenance overview
ACE/TAO/CIAO/DAnCE Maintenance overviewACE/TAO/CIAO/DAnCE Maintenance overview
ACE/TAO/CIAO/DAnCE Maintenance overview
 
Remedy IT Revised Submission Presentation for the Unified Component Model (UC...
Remedy IT Revised Submission Presentation for the Unified Component Model (UC...Remedy IT Revised Submission Presentation for the Unified Component Model (UC...
Remedy IT Revised Submission Presentation for the Unified Component Model (UC...
 
DDS Programming with IDL to C++11 tutorial
DDS Programming with IDL to C++11 tutorialDDS Programming with IDL to C++11 tutorial
DDS Programming with IDL to C++11 tutorial
 
Component Based DDS with C++11 and R2DDS
Component Based DDS with C++11 and R2DDSComponent Based DDS with C++11 and R2DDS
Component Based DDS with C++11 and R2DDS
 
AXCIOMA, the component framework for distributed, real-time and embedded systems
AXCIOMA, the component framework for distributed, real-time and embedded systemsAXCIOMA, the component framework for distributed, real-time and embedded systems
AXCIOMA, the component framework for distributed, real-time and embedded systems
 
IDL to C++03 RFC
IDL to C++03 RFCIDL to C++03 RFC
IDL to C++03 RFC
 
AMI4CCM, custom DDS connectors, and IDL to C++11
AMI4CCM, custom DDS connectors, and IDL to C++11AMI4CCM, custom DDS connectors, and IDL to C++11
AMI4CCM, custom DDS connectors, and IDL to C++11
 
Draft Request For Proposal Unified Component Model for Distributed, Real-Time...
Draft Request For Proposal Unified Component Model for Distributed, Real-Time...Draft Request For Proposal Unified Component Model for Distributed, Real-Time...
Draft Request For Proposal Unified Component Model for Distributed, Real-Time...
 
Component Based Model Driven Development of Mission Critical Defense Applicat...
Component Based Model Driven Development of Mission Critical Defense Applicat...Component Based Model Driven Development of Mission Critical Defense Applicat...
Component Based Model Driven Development of Mission Critical Defense Applicat...
 
Remedy IT Flyer_introduction
Remedy IT Flyer_introductionRemedy IT Flyer_introduction
Remedy IT Flyer_introduction
 

KĂŒrzlich hochgeladen

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

KĂŒrzlich hochgeladen (20)

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

Test What Matters Most

  • 1. Test What Matters Most Develop Testing: Totaalvoetbal for Software Development 12th September, Amsterdam Johnny Willemsen, CTO Remedy IT jwillemsen@remedy.nl
  • 2. Remedy IT Company of specialists focused on middleware and component technologies Dedicated to open standards and preferable open source Actively involved in the development of ACE/TAO/CIAO/DAnCE/OpenDDS open source software suite For more information take a look at our website www.remedy.nl 2 Copyright © Remedy IT
  • 3. What is ACE? ADAPTIVE Communication Environment Open-source object-oriented (OO) framework that implements many core patterns for concurrent distributed communication software Strong adoption in the telecom, medical, aerospace, defense and financial services industries TAO, CIAO, DAnCE, and OpenDDS are products that are created on top of ACE and form together the ATCDO open source suite. 3 Copyright © Remedy IT
  • 4. ACE and Coverity Scan What is Coverity Scan? ‱ Free static analysis for open source projects ‱ Find and fix defects in C/C++ or Java ‱ Tests every line of code and potential execution path ‱ Explains root cause of each defect making it easy to fix bugs ACE and Coverity Scan ‱ Joined in April 2011 ‱ Fixed 3263 defects as of September 2013 ‱ 1795 defects outstanding ‱ Defect density of 0.24 4 Copyright © Remedy IT
  • 5. ACE testing challenges Goal: reduce risk through actionable, efficient testing Large, decentralized project with distributed development teams: ‱ 7.8 million lines of C++ code ‱ 20 primary developers, 100 developers committing code to the repository, 2375 developers contributed Testing a priority, but not enforceable, so most code remains untested ‱ Current overall code coverage is 27% (57% for critical components) ‱ Over 275,000 functions not fully tested including examples and other code that does not require testing 5 Copyright © Remedy IT
  • 6. Creating an ENFORCEABLE test policy Many concerns before the project began ‱ Where do I start, and how do I prioritize, with so much untested code? ‱ How much real risk is there that I need to address ASAP? ‱ How do I hold developers accountable for testing their own code? ‱ How do I ensure code is tested as new features are developed? 6 Copyright © Remedy IT
  • 7. Creating an ENFORCEABLE test policy ACE developed a basic Coverity Test Advisor policy to address these concerns ‱ Filtering rules to determine which code is important to test ‱ Analyzing untested code against those rules to identify missing tests and prioritize them 7 Copyright © Remedy IT
  • 8. 4 Step policy with a big impact 8 Step Remaining Violations Testing Policy 0 275,313 Simple line coverage All insufficiently- or un-tested functions 1 12,833 Focus on core components Premise: certain components are more important to test than others 2 2,967 Only called code (ignore uncalled) Premise: we only write tests for important functions 3 2,757 Exclude debug, logging code Premise: diagnostic messages are not important to test 4 2,588 Since 6.1: 605 Exclude error cases, prioritize violations by release Premise: testing error cases provides minimal value and it is often difficult to trigger this code Note: These numbers are for the exact same code Copyright © Remedy IT
  • 9. Using Coverity ACE performs a weekly build dedicated to Coverity scan ‱ Takes 27 hours to compile all source code with gcc ‱ Takes 19 hours to analyze using Coverity scan Coverity scan analyzes the code and publishes the Scan results New issues are emailed to all developers The ACE build czar will enforce that any new issue gets resolved by the original developer Supports our goal that quality increases weekly and never decreases 9 Copyright © Remedy IT
  • 10. Addressing the issues Test violations in the core code are most important Try to resolve high priority violations with funding through maintenance and support When resolving bugs, test violations are used to focus the new unit tests on what is really needed When adding a feature to ACE, Test Advisor is used to determine that the feature is well tested After a decrease in number of test violations, the basic Test Advisor policy can be relaxed 10 Copyright © Remedy IT
  • 11. Want to know more? Remedy IT Postbus 81 6930 AB Westervoort The Netherlands tel.: +31(0)88 053 0000 e-mail: sales@remedy.nl website: www.remedy.nl Twitter: @RemedyIT Slideshare: RemedyIT Subscribe to our mailing list Join Coverity Scan 11 Copyright © Remedy IT