ACI Worldwide is a provider of payments software to banks and merchants around the world. With more than 800 software engineers working in development centers in seven time zones, issues such as software quality and security are critical to ACI’s success. As director of security engineering, it’s my job to ensure that our code base is bug-free and intruder resistant, while continually improving the software’s overall quality. These concerns aren’t new. They’ve been our mantra since the company was founded more than three decades ago. We decided several years ago that the best way to ensure quality and security was to introduce static source code analysis into our development processes.
Static code analysis is the process of examining and evaluating software without actually executing the code. Analyzing software while it is executing is known as dynamic analysis. Static code analysis is all about moving the detection of critical security and quality problems upstream, ensuring they’re identified and fixed early in the development process.
This approach yields significant productivity gains across the entire process and leads to cleaner, more stable builds, more efficient testing, and of course, a higher-quality product. Besides helping us find bugs that we’ve missed in unit testing, static code analysis has made all our engineers aware of security issues and helped us teach junior staff better coding techniques.