Klocwork by Perforce © 2019 Perforce Software, Inc.
5 Ways to Improve Developer Output with Static Analysis
ROD COPE | CHIEF TECHNOLOGY OFFICER, PERFORCE SOFTWARE
What We’ll Cover
1 A Brief History of Testing
2 What is Static Code Analysis
3 Why Static Code Analysis is Beneficial
4 Beyond the Scope of Static Code Analysis
5 Static Code Analysis Best Practices
6 Q&A
A Brief History of Testing
History of Testing
• 1970s and 1980s: Debugging is the same as testing
• 1990s: All I need is unit testing
• 2000s: How did we survive without automated testing?
• 2010s: DevOps is awesome!
Risks and Challenges
Regardless of industry or product, all software developers
share the same risks and challenges. These include:
• Human errors
• Software issues
• Hardware issues
• Shorter time to release
• More complex software
What is Static Code Analysis
Static Code Analysis Myths and Facts
Static Code Analysis Myths
• Static code analysis is a glorified compiler.
• Static code analysis is for “junior” developers.
• Testing is for QA, not developers.
Static Code Analysis Facts
• Unlike compilers, static code analysis finds deep inter-procedural and inter-module issues across the entire codebase.
• Static code analysis helps all developers become more effective, with large sets of checkers, knowledge of the entire code base (including legacy code), and rapid results.
• Fixing errors before check-in/build is easier, cheaper, and causes less rework.
How Static Code Analysis Works
Static code analysis performs tests that developers don’t (or won’t) write.
REQUIRES SOURCE CODE
• Must be able to compile code.
• No changes to existing build flow.
DIFFERENT TYPES OF ANALYSIS
• Analyzes each path of your code.
• Inter-procedural.
• Inter-file.
Examples of How Static Code Analysis Works
• Static code analysis is similar to a spell checker. For example:
• “he went to the store.” (DEFECT: “he” should be capitalized)
• “He went to the store.” (FIXED)
• However, static code analysis is more sophisticated. For example:
• “Sally purchased two baskets of fruit at the store.
When she got home she put the three baskets of fruit on the counter.”
(DEFECT: she only purchased two baskets of fruit)
• “Sally purchased two baskets of fruit at the store.
When she got home she put the two baskets of fruit on the counter.” (FIXED)
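The basket analogy carried into C, as an added example that is not part of the original slides (every function name, the struct, and the constant are hypothetical). Each function in the defective half is valid C on its own; the defect exists only when the two are read together, which is what inter-procedural path analysis does.

```c
#include <stdio.h>
#include <stdlib.h>

#define BASKETS_BOUGHT 2   /* "Sally purchased two baskets" */

/* ---- Defective version: kept for reading, never called below ---- */

/* The only place that knows how many baskets exist. May return NULL. */
static int *buy_baskets_defect(void)
{
    return malloc(BASKETS_BOUGHT * sizeof(int));
}

/* DEFECT 1: n is never compared with the size that was allocated.
 * DEFECT 2: on the out-of-memory path baskets is NULL and is dereferenced. */
static void put_on_counter_defect(int *baskets, size_t n)
{
    for (size_t i = 0; i < n; i++)
        baskets[i] = 12;
}

/* In the story on_counter is 3, so baskets[2] is written one element
 * past the end of a two-element allocation. */
void sally_defect(size_t on_counter)
{
    int *b = buy_baskets_defect();
    put_on_counter_defect(b, on_counter);
    free(b);
}

/* ---- Fixed version: the count travels with the data ---- */

typedef struct {
    int   *fruit;   /* fruit count per basket */
    size_t count;   /* number of baskets actually bought */
} purchase_t;

/* Returns 0 on success, -1 if the allocation failed. */
static int buy_baskets(purchase_t *p)
{
    p->fruit = calloc(BASKETS_BOUGHT, sizeof *p->fruit);
    if (p->fruit == NULL) {
        p->count = 0;
        return -1;
    }
    p->count = BASKETS_BOUGHT;
    return 0;
}

/* Returns the number of baskets placed, or -1 if the request
 * contradicts what was purchased. */
static int put_on_counter(purchase_t *p, size_t n)
{
    if (p == NULL || p->fruit == NULL || n > p->count)
        return -1;
    for (size_t i = 0; i < n; i++)
        p->fruit[i] = 12;
    return (int)n;
}

int sally_fixed(size_t on_counter)
{
    purchase_t p;
    if (buy_baskets(&p) != 0)
        return -1;                 /* out-of-memory path handled */
    int placed = put_on_counter(&p, on_counter);
    free(p.fruit);
    return placed;
}

int main(void)
{
    printf("two baskets:   %d\n", sally_fixed(2));
    printf("three baskets: %d\n", sally_fixed(3));
    return 0;
}
```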
How Static Code Analysis Can Help
CODE ISSUES
• Buffer Overflows: Security exploit or program crashes.
• Null Pointer Dereferences: Your program crashes.
• Memory Leaks: Processor runs out of memory and locks up.
• Uninitialized Data Usage: Data injection.
• Platform/OS Specifics: Privilege escalation.
• Concurrency: Deadlock.
STANDARDS COMPLIANCE
• Coding: Ensuring that the code matches the guidelines.
• Security: Ensuring that the code is free of common vulnerabilities.
• Safety: Ensuring that the code minimizes the risk.
Traditional Testing Versus Static Code Analysis
• Traditional testing tools require reproduction of the exact runtime conditions that caused the issue to occur.
• Requires tests specifically tailored to the code.
• Time-consuming process.
• Not always accurate and reliable.
• Static code analysis finds defects early that aren’t easily identified by manual code reviews.
• Comprehensive and reliable.
• Identifies coding errors and vulnerabilities before they become an issue.
Why Static Code Analysis Helps
Static Code Analysis Identifies Defects Early in the Process
[Figure: three charts of cost to fix versus the point at which a defect is detected.]
• Cost to fix by time detected: Requirements $139; Design $455; Coding $977; Testing $7,136; Maintenance $14,103.
• Cost to fix over time, by lifecycle stage (Specification, Design, Code, Unit Test, System Test, UAT, Release) across Development, Unit Tests, QA Testing, Production.
• Relative cost to fix: Requirements 1X; Architecture 3X; Construction 5X; System Test 10X; Post Release 100X.
Static Code Analysis Improved Productivity
• Increases development productivity.
• No test cases, stubs, or complex set up.
• Runs your code “as is”.
• Example productivity benefits:
• Lawrence Livermore: $200K savings on 360K LOC project.
• Harris: $60K in six months on 10-person pilot project.
• LMCO: 1 critical defect per developer per year gives ROI.
• ACCESS Co.: 20% bug reduction (C/C++, IoT).
• OpenSpan: Achieved CWE Top 25 compliance.
Static Code Analysis Ensures Quality and Safety
Boeing
The Boeing 787 Dreamliner had a software bug which caused “total loss of electrical power” after 248 days.
Department of Corrections
An error in software that calculates prison sentences caused more than 3,200 U.S. prisoners to be released roughly 49 days early.
Static Code Analysis Identifies Bugs
• NEST “smart” thermostat software update caused
complete battery drain, shutting off heat during January.
• Matt Rogers, NEST co-founder said, “the bug took a few
weeks to show up.”
• The bug affected 2.5 million smart thermostats in U.S. alone.
Beyond the Scope of Static Code Analysis
Where Static Code Analysis Can’t Help
• Verify runtime behavior.
• Static tools are what they say — “static”.
• Code is not executed.
• Verify code matches design.
• Does not verify that behavior is as expected.
• Can detect issues that lead us to discover design flaws, such as unreachable code.
• Prove whether or not a system will work.
• Static code analysis results are not accepted as the final word for safety-critical systems. However, they do point us in the right direction.
Limitations of Static Code Analysis
• May report defects that aren’t a problem.
• These are known as false positives.
• False positives are not something to be afraid of.
• Is this a problem?
• Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo. (POTENTIAL DEFECT: repeat words)
• This is actually grammatically correct: Bison from Buffalo, New York, who are intimidated by other bison in Buffalo, NY also happen to intimidate other bison in Buffalo, NY.
Static Code Analysis Best Practices
#1. Use SCA to Check the Security of Your Code
SURVEY:
Out of 1700 developers, 80% of them incorrectly answered
key questions surrounding the protection of sensitive data.
Organizations can have difficulty preventing attacks because of:
• Lack of time.
• Lack of focus.
• Lack of proper tools.
Most breaches result from input trust issues, such as:
• Cross-site scripting.
• SQL injection.
• Unvalidated input.
SCA Found Heartbleed
SCA REPORT
#2. Use SCA to Enforce Industry and Coding Standards
• Significantly reduces the cost of compliance.
• Complements existing testing approaches.
• Enables automated and repeatable analysis.
• Enforces key industry standards, including:
• DISA STIG
• CWE
• MISRA
• CERT
• SAMATE
• OWASP
• DO-178B
• FDA validation
• And more
#3. Integrate SCA and CI Into Your Development Process
• Continuous Integration:
• Continuous merging and testing of developer changes
into the mainline code.
• Test those changes to verify they work with other changes.
• Test new code as it is completed to catch issues early.
• Benefits of CI:
• Improves quality and productivity:
• 90% increase in LOC output per programmer when
performing daily builds.
• 36% reduction in defect rate with integration/regression
testing at each check-in.
• Increases the benefits of an Agile software
development methodology.
SCA and CI
Keys to Successful CI
To work in a true CI environment, SCA tools must be designed to be:
• AUTOMATED: Support the most important CI build management systems.
• SCALABLE: Require minimal resources and deploy across multiple agents.
• EFFICIENT: To reduce feedback time, only analyse the affected code.
• RELEVANT: Report on only the information that is required for the given context.
#4. Use SCA to Validate Legacy/OSS
[Diagram labels: Open Source, COTS, Contractors, Legacy, ISV; Integrate; Test; Your Product; Cost to Fix Defects ($$$$).]
#5. Use SCA to Help Developers Improve Code Quality
• SCA is an Educational Tool:
• Common programmatic errors.
• Security vulnerabilities.
• Standards compliance.
ONCE A DEFECT IS REPORTED, UNDERSTAND WHY IT’S A DEFECT AND HOW TO FIX IT.
Summary
1 Use SCA to check the security of your code.
• Enables you to find vulnerabilities early.
2 Use SCA to enforce industry and coding standards.
• Reduces the cost of compliance.
3 Integrate SCA and CI into your development process.
• Makes analysis automated, fast, and scalable.
4 Use SCA to validate legacy code/OSS.
• Enables you to check entire code base before release.
5 Use SCA to help developers improve code quality.
• Features a built-in training tool on the desktop.
Klocwork Continuous Static Code Analysis
• Support for CI via continuous static code analysis (CSCA).
• Desktop on-the-fly analysis as well as traditional server analysis.
• Helps to ensure compliance with MISRA, OWASP, FDA, CWE, DISA, and other industry and coding standards.
• Hundreds of built-in checkers that go beyond just the industry standards.
• Unique analysis engine that detects a thorough and comprehensive range of defects.
• Widest compiler support.
• Custom checker studio for extensibility.
• Support for process certification (ISO 26262).
Q & A

Achieving Software Safety, Security, and Reliability Part 2Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Perforce
 
Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?Perforce
 
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...Perforce
 
What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4Perforce
 
Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison Perforce
 
Code Quality Management Best Practices
Code Quality Management Best Practices Code Quality Management Best Practices
Code Quality Management Best Practices Perforce
 

Mehr von Perforce (20)

How to Organize Game Developers With Different Planning Needs
How to Organize Game Developers With Different Planning NeedsHow to Organize Game Developers With Different Planning Needs
How to Organize Game Developers With Different Planning Needs
 
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
Regulatory Traceability:  How to Maintain Compliance, Quality, and Cost Effic...Regulatory Traceability:  How to Maintain Compliance, Quality, and Cost Effic...
Regulatory Traceability: How to Maintain Compliance, Quality, and Cost Effic...
 
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...Efficient Security Development and Testing Using Dynamic and Static Code Anal...
Efficient Security Development and Testing Using Dynamic and Static Code Anal...
 
Understanding Compliant Workflow Enforcement SOPs
Understanding Compliant Workflow Enforcement SOPsUnderstanding Compliant Workflow Enforcement SOPs
Understanding Compliant Workflow Enforcement SOPs
 
Branching Out: How To Automate Your Development Process
Branching Out: How To Automate Your Development ProcessBranching Out: How To Automate Your Development Process
Branching Out: How To Automate Your Development Process
 
How to Spark Joy In Your Product Backlog
How to Spark Joy In Your Product Backlog How to Spark Joy In Your Product Backlog
How to Spark Joy In Your Product Backlog
 
Going Remote: Build Up Your Game Dev Team
Going Remote: Build Up Your Game Dev Team Going Remote: Build Up Your Game Dev Team
Going Remote: Build Up Your Game Dev Team
 
Shift to Remote: How to Manage Your New Workflow
Shift to Remote: How to Manage Your New WorkflowShift to Remote: How to Manage Your New Workflow
Shift to Remote: How to Manage Your New Workflow
 
Hybrid Development Methodology in a Regulated World
Hybrid Development Methodology in a Regulated WorldHybrid Development Methodology in a Regulated World
Hybrid Development Methodology in a Regulated World
 
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
Better, Faster, Easier: How to Make Git Really Work in the EnterpriseBetter, Faster, Easier: How to Make Git Really Work in the Enterprise
Better, Faster, Easier: How to Make Git Really Work in the Enterprise
 
Easier Requirements Management Using Diagrams In Helix ALM
Easier Requirements Management Using Diagrams In Helix ALMEasier Requirements Management Using Diagrams In Helix ALM
Easier Requirements Management Using Diagrams In Helix ALM
 
How To Master Your Mega Backlog
How To Master Your Mega Backlog How To Master Your Mega Backlog
How To Master Your Mega Backlog
 
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
Achieving Software Safety, Security, and Reliability Part 3: What Does the Fu...
 
How to Scale With Helix Core and Microsoft Azure
How to Scale With Helix Core and Microsoft Azure How to Scale With Helix Core and Microsoft Azure
How to Scale With Helix Core and Microsoft Azure
 
Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2Achieving Software Safety, Security, and Reliability Part 2
Achieving Software Safety, Security, and Reliability Part 2
 
Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?Should You Break Up With Your Monolith?
Should You Break Up With Your Monolith?
 
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
Achieving Software Safety, Security, and Reliability Part 1: Common Industry ...
 
What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4What's New in Helix ALM 2019.4
What's New in Helix ALM 2019.4
 
Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison Free Yourself From the MS Office Prison
Free Yourself From the MS Office Prison
 
Code Quality Management Best Practices
Code Quality Management Best Practices Code Quality Management Best Practices
Code Quality Management Best Practices
 

Kürzlich hochgeladen

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...masabamasaba
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfonteinmasabamasaba
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...Jittipong Loespradit
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyviewmasabamasaba
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationJuha-Pekka Tolvanen
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfonteinmasabamasaba
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfkalichargn70th171
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is insideshinachiaurasa2
 

Kürzlich hochgeladen (20)

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 

5 Ways to Accelerate Standards Compliance with Static Code Analysis

  • 1. Klocwork by Perforce © 2019 Perforce Software, Inc. 5 Ways to Improve Developer Output with Static Analysis. ROD COPE | CHIEF TECHNOLOGY OFFICER, PERFORCE SOFTWARE
  • 2. What We’ll Cover: 1. A Brief History of Testing 2. What is Static Code Analysis 3. Why Static Code Analysis is Beneficial 4. Beyond the Scope of Static Code Analysis 5. Static Code Analysis Best Practices 6. Q&A
  • 3. A Brief History of Testing
  • 4. History of Testing: • 1970s and 1980s: Debugging is the same as testing • 1990s: All I need is unit testing • 2000s: How did we survive without automated testing? • 2010s: DevOps is awesome!
  • 5. Risks and Challenges: Regardless of industry or product, all software developers share the same risks and challenges. These include: • Human errors • Software issues • Hardware issues • Shorter time to release • More complex software
  • 6. What is Static Code Analysis
  • 7. Static Code Analysis Myths and Facts: • Myth: Static code analysis is a glorified compiler. Fact: Unlike compilers, static code analysis finds deep inter-procedural and inter-module issues across the entire codebase. • Myth: Static code analysis is for “junior” developers. Fact: Static code analysis helps all developers become more effective, with large sets of checkers, knowledge of the entire code base (including legacy code), and rapid results. • Myth: Testing is for QA, not developers. Fact: Fixing errors before check-in/build is easier, cheaper, and causes less rework.
  • 8. How Static Code Analysis Works: Static code analysis performs tests that developers don’t (or won’t) write. REQUIRES SOURCE CODE: • Must be able to compile code. • No changes to existing build flow. DIFFERENT TYPES OF ANALYSIS: • Analyzes each path of your code. • Inter-procedural. • Inter-file.
  • 9. Examples of How Static Code Analysis Works: • Static code analysis is similar to a spell. For example: • “he went to the store.” (DEFECT: “he” should be capitalized) • “He went to the store.” (FIXED) • However, static code analysis is more sophisticated. For example: • “Sally purchased two baskets of fruit at the store. When she got home she put the three baskets of fruit on the counter.” (DEFECT: she only purchased two baskets of fruit) • “Sally purchased two baskets of fruit at the store. When she got home she put the two baskets of fruit on the counter.” (FIXED)
  • 10. How Static Code Analysis Can Help: CODE ISSUES: • Buffer Overflows: Security exploit or program crashes. • Null Pointer Dereferences: Your program crashes. • Memory Leaks: Processor runs out of memory and locks up. • Uninitialized Data Usage: Data injection. • Platform/OS Specifics: Privilege escalation. • Concurrency: Deadlock. STANDARDS COMPLIANCE: • Coding: Ensuring that the code matches the guidelines. • Security: Ensuring that the code is free of common vulnerabilities. • Safety: Ensuring that the code minimizes the risk.
  • 11. Traditional Testing Versus Static Code Analysis: • Traditional testing tools require reproduction of the exact runtime conditions that caused the issue to occur. • Requires tests specifically tailored to the code. • Time-consuming process. • Not always accurate and reliable. • Static code analysis finds defects early that aren’t easily identified by manual code reviews. • Comprehensive and reliable. • Identifies coding errors and vulnerabilities before they become an issue.
  • 12. Why Static Code Analysis Helps
  • 13. Static Code Analysis Identifies Defects Early in the Process. [Figures: charts of cost to fix against the stage at which a defect is detected. Dollar values by time detected: Requirements $139, Design $455, Coding $977, Testing $7,136, Maintenance $14,103. Relative cost by stage: Requirements 1X, Architecture 3X, Construction 5X, System Test 10X, Post Release 100X. Other axis labels: Lifecycle Stage (Specification, Design, Code, Unit Test, System Test, UAT, Release); Time (Development, Unit Tests, QA Testing, Production).]
  • 14. Static Code Analysis Improved Productivity: • Increases development productivity. • No test cases, stubs, or complex setup. • Runs your code “as is”. • Example productivity benefits: • Lawrence Livermore: $200K savings on 360K LOC project. • Harris: $60K in six months on 10-person pilot project. • LMCO: 1 critical defect per developer per year gives ROI. • ACCESS Co.: 20% bug reduction (C/C++, IoT). • OpenSpan: Achieved CWE Top 25 compliance.
  • 15. Static Code Analysis Ensures Quality and Safety: • Boeing: The Boeing 787 Dreamliner had a software bug which caused “total loss of electrical power” after 248 days. • Department of Corrections: A software error that calculates prison sentences caused more than 3,200 U.S. prisoners to be released roughly 49 days early.
  • 16. Static Code Analysis Identifies Bugs: • NEST “smart” thermostat software update caused complete battery drain, shutting off heat during January. • Matt Rogers, NEST co-founder, said, “the bug took a few weeks to show up.” • The bug affected 2.5 million smart thermostats in the U.S. alone.
  • 17. Beyond the Scope of Static Code Analysis
  • 18. Where Static Code Analysis Can’t Help: • Verify runtime behavior. • Static tools are what they say — “static”. • Code is not executed. • Verify code matches design. • Does not verify that behavior is as expected. • Can detect issues that lead us to discover design flaws, such as unreachable code. • Prove whether or not a system will work. • Static code analysis results are not accepted as the final word for safety-critical systems. However, they do point us in the right direction.
  • 19. Limitations of Static Code Analysis: • May report defects that aren’t a problem. • These are known as false positives. • False positives are not something to be afraid of. • Is this a problem? • Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo. (POTENTIAL DEFECT: repeat words) • This is actually grammatically correct: Bison from Buffalo, New York, who are intimidated by other bison in Buffalo, NY also happen to intimidate other bison in Buffalo, NY.
  • 20. Static Code Analysis Best Practices
  • 21. #1. Use SCA to Check the Security of Your Code: SURVEY: Out of 1700 developers, 80% of them incorrectly answered key questions surrounding the protection of sensitive data. Organizations can have difficulty preventing attacks because of: • Lack of time. • Lack of focus. • Lack of proper tools. Most breaches result from input trust issues, such as: • Cross-site scripting. • SQL injection. • Unvalidated input.
  • 22. SCA Found Heartbleed. [Figure: SCA report]
  • 23. #2. Use SCA to Enforce Industry and Coding Standards: • Significantly reduces the cost of compliance. • Complements existing testing approaches. • Enables automated and repeatable analysis. • Enforces key industry standards, including: • DISA STIG • CWE • MISRA • CERT • SAMATE • OWASP • DO-178B • FDA validation • And more
  • 24. #3. Integrate SCA and CI Into Your Development Process: • Continuous Integration: • Continuous merging and testing of developer changes into the mainline code. • Test those changes to verify they work with other changes. • Test new code as it is completed to catch issues early. • Benefits of CI: • Improves quality and productivity: • 90% increase in LOC output per programmer when performing daily builds. • 36% reduction in defect rate with integration/regression testing at each check-in. • Increases the benefits of an Agile software development methodology.
  • 25. SCA and CI
  • 26. Keys to Successful CI: To work in a true CI environment, SCA tools must be designed to be: • AUTOMATED: Support the most important CI build management systems. • SCALABLE: Require minimal resources and deploy across multiple agents. • EFFICIENT: To reduce feedback time, only analyse the affected code. • RELEVANT: Report on only the information that is required for the given context.
  • 27. #4. Use SCA to Validate Legacy/OSS. [Figure labels: Integrate, Test; Open Source, COTS, Contractors, Legacy, ISV; Your Product; $$$$ Cost to Fix Defects]
  • 28. #5. Use SCA to Help Developers Improve Code Quality: • SCA is an Educational Tool: • Common programmatic errors. • Security vulnerabilities. • Standards compliance. ONCE A DEFECT IS REPORTED, UNDERSTAND WHY IT’S A DEFECT AND HOW TO FIX IT.
  • 29. Summary: 1. Use SCA to check the security of your code. • Enables you to find vulnerabilities early. 2. Use SCA to enforce industry and coding standards. • Reduces the cost of compliance. 3. Integrate SCA and CI into your development process. • Makes analysis automated, fast, and scalable. 4. Use SCA to validate legacy code/OSS. • Enables you to check entire code base before release. 5. Use SCA to help developers improve code quality. • Features a built-in training tool on the desktop.
  • 30. Klocwork Continuous Static Code Analysis: • Support for CI via continuous static code analysis (CSCA). • Desktop on-the-fly analysis as well as traditional server analysis. • Helps to ensure compliance with MISRA, OWASP, FDA, CWE, DISA, and other industry and coding standards. • Hundreds of built-in checkers that go beyond just the industry standards. • Unique analysis engine that detects a thorough and comprehensive range of defects. • Widest compiler support. • Custom checker studio for extensibility. • Support for process certification (ISO 26262).
  • 31. Q & A
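
Slides 8 and 10 describe path-sensitive, inter-procedural analysis and list null pointer dereferences and buffer overflows among the code issues it targets. The C example below is added here to illustrate that defect class and is not taken from the deck or from Klocwork; the user table and all function names are hypothetical. The defect spans two functions: one returns NULL on a path, and its caller dereferences the result and copies it without a bound.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data for illustration only. */
struct user { int id; const char *name; };

static const struct user USERS[] = {
    { 1, "alice" },
    { 2, "bob" },
};

/* Returns NULL when the id is unknown. Nothing in the signature says so,
 * which is why the defect only shows up when callers are analysed together
 * with this function (inter-procedural analysis). */
static const struct user *find_user(int id)
{
    for (size_t i = 0; i < sizeof USERS / sizeof USERS[0]; i++) {
        if (USERS[i].id == id)
            return &USERS[i];
    }
    return NULL;
}

/* Defective version: compiles cleanly and passes a happy-path unit test.
 *  - u may be NULL on the "unknown id" path  -> null pointer dereference
 *  - strcpy/strcat ignore the size of out    -> buffer overflow */
int format_greeting_unchecked(int id, char *out, size_t out_len)
{
    const struct user *u = find_user(id);
    (void)out_len;                 /* size is accepted but never used */
    strcpy(out, "hello, ");
    strcat(out, u->name);
    return 0;
}

/* Corrected version: every path from find_user() is handled and the copy
 * is bounded. Returns the greeting length, -1 for an unknown id or bad
 * buffer, -2 if the greeting does not fit. */
int format_greeting_checked(int id, char *out, size_t out_len)
{
    const struct user *u = find_user(id);
    int n;

    if (out == NULL || out_len == 0 || u == NULL)
        return -1;

    n = snprintf(out, out_len, "hello, %s", u->name);
    if (n < 0 || (size_t)n >= out_len) {
        out[0] = '\0';             /* never hand back a truncated string */
        return -2;
    }
    return n;
}

int main(void)
{
    char buf[32];

    if (format_greeting_checked(1, buf, sizeof buf) > 0)
        printf("%s\n", buf);
    /* Unknown id: rejected instead of crashing. */
    printf("unknown id -> %d\n", format_greeting_checked(3, buf, sizeof buf));
    return 0;
}
```

A unit test that only uses a known id and a large buffer exercises neither failing path in the unchecked version, which is the gap slide 11 attributes to traditional testing.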