In the latest installment of the Jurassic Park franchise released this summer, software developers and managers will recognize an all-too-familiar scenario: faced with looming deadlines and high expectations for their latest product (a hybrid superstar dinosaur named ‘Indominus Rex’), the engineers in charge have cut-and-pasted DNA from cuttlefish, tree frogs, and velociraptors into your friendly neighborhood T. Rex in order to achieve the desired ferocious appearance and behavior, while adapting this homicidal Barney to the local climate.
Of course, the new kid on the block is placed in the same old-style concrete enclosure topped with an electric fence, without any regard to what new physical abilities or intelligence it may have. In a real-world twist, the executives of the new park don’t even know what DNA has actually been included (apparently it’s part of a top-secret military plan).
You spliced in DNA from a cuttlefish?
So what happens when developers cut-and-paste code from other projects, open source software, or even sample code from the internet? That code ends up in the same old testing environment, which may not be able to find potential error conditions and security vulnerabilities that were cut-and-pasted as well!
How can I detect security and quality problems automatically?
Static code analysis can detect software quality defects and security vulnerabilities on the fly, as developers write each line of code. Even if specific test cases aren’t created to cover the new code, the quality and security checkers built into static code analysis tools automatically look for potential defects every time code is changed. This reduces the cost of correcting defects by detecting them as early as possible in the software development lifecycle – as soon as they are typed!
If you’re including open source packages in your software, open source scanning services can help manage your open source bill of materials and alert you to security and quality issues within those packages. This shortens the time your organization needs to correct any known vulnerabilities before they’re exploited.
• Learn what’s new in the latest release of Klocwork static code analysis
• Find out more about how Klocwork can increase software quality while shortening development time and reducing cost
• How code confident are you? Take a short test and learn where you shine – and where you can make some improvements.