Archive for the ‘Coding Standards’ Category

  • CWE Compatibility Program

    on Sep 5, 12 • by Alen Zukich • with No Comments


    If you’re an organization that cares about security and the repercussions that come with that, then you probably already know all about Common Weakness Enumeration (CWE). CWE is a community project sponsored by the MITRE Corporation. As a software vendor providing security vulnerability detection, it’s important to be part of the CWE Compatibility Program.  This program identifies vendors that are officially CWE-compatible. This means you can count on the vendor to provide guidance in their product with respect to CWE identifiers, including direct links to the wealth of information that is kept up to date

  • Golden rules of AST checker development

    on Jan 24, 12 • by Patti Murphy • with No Comments


    In my previous post, It’s time to create a custom checker…, we looked at the considerations involved in deciding which checker to create–AST or path? In this post, we’re going to use a custom checker to enforce an internal coding standard that extends the default set of checkers in our source code analysis tool. To do this, I’ve called upon Steve Howard, our head of Partner Support in Europe, to get us started with an AST checker to accomplish our goal. Steve has coached many customers through the checker creation process. In his experience, the

  • Importance of MISRA

    on Jul 26, 11 • by Alen Zukich • with No Comments


    Recently I was at our European partner advisory board. This is a session where we all get together and talk about the current market, the upcoming release and anything else to help our partners be more successful. For me, the most valuable sessions are the ones where I hear from the partners about what works and what doesn’t. This ranges from commercial issues to technical issues with the product. One very clear message from all the partners was that our MISRA support was a huge plus. Here in North America we have seen small pockets of adoption, but in

  • ESC SJ 2010 – Optimism, Tools for small codebases and MISRA

    on May 5, 10 • by Eric Hollebone • with No Comments


    I just got back from a visit to the Valley and had an awesome week in San Jose/San Fran.  I even had time to play a bit of the tourist this time (I ran the Golden Gate bridge/Presidio).  All that was fun, but what I always enjoy is the conversations we had with customers and prospects at this year’s ESC SJ 2010 conference. It is always interesting listening to their successes and teasing out the trending topics and new issues that matter to development teams.  Here are the top three themes that caught my ear this year

  • Compiler warnings, Coding standards, Code quality…oh my! (Part 3)

    on Jan 12, 10 • by Alen Zukich • with No Comments

    In my previous blog post, we talked about the value of compiler warnings and reasons to have source code analysis. Now, I’d like to get into the value of coding standards and touch on how you can fit this all together. Coding standards are a set of rules or guidelines usually created as part of an industry. The goal is simple: provide guidelines so you can create better code and increase your code quality. Probably the most common coding standard I run into is called MISRA C. This is a standard created for C code in

  • Compiler warnings, Coding standards, Code quality…oh my! (Part 2)

    on Nov 3, 09 • by Alen Zukich • with No Comments

    In the first blog series, we discussed the value of compiler warnings and wondered why a static analysis tool would have similar error checking features. In this installment, we want to dive deeper into this question by reviewing errors that can be found by compilers, why they matter, and what limitations compilers have in this area. Let’s take an example of the “implicit int” rule: int foo() { const x = 0; return x; } This is a situation where failure to specify a type results in this compiler warning from (gcc v.3.4.4) or Microsoft

  • Compiler warnings, Coding standards, Code quality…oh my! (Part 1)

    on Oct 7, 09 • by Alen Zukich • with No Comments

    In this three-part blog series I want to cover general misconceptions about static analysis coverage. This will include a discussion about: compiler warnings available, different types of style issues including coding standards, and your available options to fit them into your formal process. Very often customers ask why we don’t cover specific checkers. We always get great feedback on high-value checkers that they would like to see. But occasionally we get the request to find simple compiler warnings or code style issues. For the first part of this series I want to focus
