Archive for the ‘Software Quality’ Category

  • 7 habits for highly ineffective source code analysis

    on Jun 29, 10 • by Patti Murphy • with 3 Comments

    Mark Grice is a pretty unflappable guy, but when you ask him a question about barriers to successful adoption of Source Code Analysis (SCA) technology, he starts to splutter. “There are things I see over and over that make me want to bang my head against a wall,” says the Klocwork Director and Manager of our International Reseller/Partner Network.  For the past nine years, Grice has helped companies from around the world to successfully implement SCA. There are many companies that deploy SCA tools and reap their ROI, but there are others that can’t get

  • Software metrics for measuring quality

    on Jan 26, 10 • by Alen Zukich • with 2 Comments

    How do you measure your software?  There are simple metrics that help with quality, such as keeping track of the number of bugs or security vulnerabilities in your system.  Trending these metrics is a no-brainer. When trending is in place, action can be taken because everyone knows 6 security vulnerabilities is worse than 5.  But what about other types of software metrics (and there are many)?  Have you ever heard of a maintainability metric? Halstead program volume? McCabe cyclomatic complexity?  Coupling/Cohesion?  The question becomes what do you do with these metrics and are they valuable

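    The excerpt above names McCabe cyclomatic complexity without showing how it is computed or what one does with it. The following is an added example, not code from the Klocwork post or product: it measures the McCabe complexity of every function in a Python module (1 plus the number of decision points: `if`/`elif`, loops, `except` handlers, `assert`, conditional expressions, each extra operand of a boolean operator, and each `if` clause in a comprehension; this counting convention is an assumption of the example, and nested functions are measured on their own rather than folded into their parent), and then applies a threshold so the metric becomes an actionable gate rather than a number. The sample module is constructed for the example.

    ```python
    import ast
    from typing import Dict, List

    # Node types that each add one path through the function (assumed convention,
    # matching the common McCabe counting used by tools such as radon).
    DECISION_NODES = (
        ast.If, ast.IfExp, ast.For, ast.AsyncFor, ast.While,
        ast.ExceptHandler, ast.Assert,
    )


    class _ComplexityVisitor(ast.NodeVisitor):
        """Counts decision points in one function body; starts at 1 (the straight path)."""

        def __init__(self) -> None:
            self.complexity = 1

        def generic_visit(self, node: ast.AST) -> None:
            if isinstance(node, DECISION_NODES):
                self.complexity += 1
            elif isinstance(node, ast.BoolOp):
                # `a and b and c` short-circuits: each extra operand is a branch.
                self.complexity += len(node.values) - 1
            elif isinstance(node, ast.comprehension):
                # `[x for x in xs if p(x) if q(x)]`: each filter is a branch.
                self.complexity += len(node.ifs)
            super().generic_visit(node)

        # Nested function definitions are reported separately, so do not descend.
        def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
            return None

        def visit_AsyncFunctionDef(self, node: ast.AsyncFunctionDef) -> None:
            return None


    def cyclomatic_complexity(func: ast.AST) -> int:
        """McCabe complexity of a single function definition node."""
        visitor = _ComplexityVisitor()
        for stmt in func.body:  # walk the body, not the def node itself
            visitor.visit(stmt)
        return visitor.complexity


    def complexity_report(source: str) -> Dict[str, int]:
        """Map every function name in `source` to its cyclomatic complexity."""
        tree = ast.parse(source)
        report: Dict[str, int] = {}
        for node in ast.walk(tree):
            if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
                report[node.name] = cyclomatic_complexity(node)
        return report


    def flag_complex(report: Dict[str, int], threshold: int) -> List[str]:
        """Names of functions whose complexity exceeds `threshold`, worst first."""
        over = [name for name, cc in report.items() if cc > threshold]
        return sorted(over, key=lambda name: (-report[name], name))


    # Constructed sample module: one trivial function and one with several branches.
    SAMPLE_SOURCE = '''
    def parse_header(line):
        return line.strip()

    def check_request(req, acl):
        if req.user is None or req.token is None:
            return False
        for rule in acl:
            if rule.match(req) and not rule.denied:
                return True
        try:
            return acl.default()
        except KeyError:
            return False
    '''


    if __name__ == "__main__":
        report = complexity_report(SAMPLE_SOURCE)
        for name, cc in sorted(report.items()):
            print(f"{name}: {cc}")
        # A threshold of 5 is an assumed policy value for the example.
        print("over threshold:", flag_complex(report, 5))
    ```

    In the sample, `check_request` scores 7 (two `if`s, two boolean operators, one `for`, one `except` handler, plus the base path) while `parse_header` scores 1; trending these per function, the way the excerpt suggests trending defect counts, turns a rising number into a review trigger.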
  • Review of Klocwork Java Analysis

    on Jul 6, 09 • by Brendan Harrison • with No Comments

    Here’s a short blog review of Klocwork Solo by Jeanne Boyarsky. Klocwork Solo is a downloadable Eclipse plug-in for Java. Aside from a few installation hiccups, it’s a good review with kudos for the range of checkers we provide in the default configuration. Try it out yourself and let us know what you think

  • “Oh, if only it were open source…”

    on Jun 8, 09 • by Gwyn Fisher • with 1 Comment

    Don’t get me wrong, I’m a big fan of open source, but why does everything have to be black and white? If it’s closed it must be evil and by association probably not written well, whereas if it’s open, it’s awesome and godly in its unnatural power to cure world hunger? I’m referring, in this particular instance, to the righteous indignation that surfaced as a result of the castigation served up for the manufacturers of that ever-popular device, the breathalyzer. And yes, I’ve been stood at the side of the road looking stupidly at the

  • Build Analysis and Source code analysis must work together

    on Apr 25, 09 • by Alen Zukich • with No Comments

    There’s been some recent discussion around using source code analysis (SCA) technology for build clean-up and optimization. I thought it might be useful to try and separate the spin from reality and outline where and how static source code analysis can be used for build optimization. First, every SCA tool worth its salt does build analysis. Automated discovery of a customer’s build system is a required capability for deep static code analysis. Most users of SCA attempt to discover bugs, security vulnerabilities, and other maintainability problems. Some customers will also leverage the build analysis itself

  • In-phase defect containment

    on Feb 16, 09 • by Brendan Harrison • with 1 Comment

    Here’s Gwyn chatting about general software development challenges, in particular the whole goal of “in-phase defect containment” – i.e. identifying and correcting defects in the same development phase they’re created. Near the end of the video, there’s a short discussion on how this objective fits in an Agile context. With Agile’s focus on the frequent delivery of working software, in-phase containment becomes even more important, even though it’s more often associated with more formal methodologies such as CMMI and Six Sigma. CM Crossroads

  • Java source code vs bytecode analysis

    on Jan 6, 09 • by Alen Zukich • with No Comments

    David posted an interesting discussion on the usage of static analysis tools by developers to find security vulnerabilities. As always, the discussion of static analysis tools leans towards false positives and false negatives. David also mentions that their results are sometimes difficult to understand. This is one of the reasons Klocwork switched from a bytecode analysis tool for Java to a source code analysis tool. As both have their advantages and disadvantages (and I admit I’m very biased here), we have certainly found that we have been able to reduce our false positive

  • ISV software quality; tortology or oxymoron…

    on Dec 10, 08 • by Gwyn Fisher • with No Comments

    It’s kind of bizarre, but in my pre-Klocwork experience of running ISV development groups, from small teams to global enterprises, it never struck me as wrong that we would routinely ship software containing critical bugs. We knew we were doing it. We knew, on some abstract underground never-to-be-admitted layer of our deepest darkest souls, that this was a “bad thing.” But mostly, we knew that when somebody found a bug we could just send them a patch. And what’s more, we knew that customers expected this behavior. We got requests to “send us a patch
