Posts Tagged ‘Source Code Analysis’

  • What do dinosaur DNA and complex software projects have in common?

    on Sep 11, 15 • by Walter Capitani • with No Comments


    You may think there's no connection, but when developers cut-and-paste code from other projects, open source software, or sample code from the internet, the results can be scarier than a T-Rex

    Read More »
  • Dr. Dobb’s Takes a Look At New Version of Klocwork Insight

    on Oct 3, 13 • by Chris Bubinas • with No Comments

    Static Code Analysis

    Klocwork has released version 10 of its source code analysis tool, Insight. Key new features of Insight 10 include additional checker sets and taxonomies for security and compliance standards. Developers also have the ability to create their own taxonomies using the new taxonomy design feature, and apply these to projects where applicable

    Read More »
  • Code branching – common code, common defects

    on May 29, 12 • by Alen Zukich • with No Comments


    Every revision control or source code management system uses branching. Branching refers to the duplication of files under version control so that two (or more) copies of those files may develop at different times or in different ways. Okay, we all know this. With branching, you get a lot of duplicated code. In some branched projects, the majority of the code is the same. So how does this impact your source code analysis or static analysis strategy? Well, it is a big problem. What if you spend your time analyzing a defect and come to

    Read More »
  • The business case for source code analysis

    on May 15, 12 • by Brendan Harrison • with No Comments


    Everyone knows this chart, right? The later bugs are introduced, the more they cost. Of course, common sense. But it also happens to be true. As the chart shows, very little bug detection is happening before testing, while a developer is coding. So, if you find more bugs when the cost of repair is least expensive and risky, you’re obviously going to get a big payoff. Ok, so far you haven’t heard anything that every software development professional doesn’t already know. What everyone doesn’t know is that source code analysis can deliver this payoff. We

    Read More »
  • Static analysis is NOT Bugzilla

    on Apr 24, 12 • by Alen Zukich • with 1 Comment


    Time and time again I get asked, how does static analysis fit into my existing bug tracking system? “I need an integration with my system (i.e. Bugzilla) because that is what we use every day. Every time I find a bug I need to track this through my system.” This is where I take a deep breath as I scream on the inside. Taking every bug and putting that into your bug tracking system is just wrong. Horribly wrong. The best way I can describe this is through the compiler analogy. Every time you add a feature or bug fix,

    Read More »
  • Perceptual False Positives

    on Mar 13, 12 • by Alen Zukich • with 2 Comments


    As any static analysis or source code analysis vendor will tell you, false positives are a way of life. As any user will tell you, false positives suck! So what do you do about them? Make the tools better at finding the real issues and provide automated filtering capabilities. But I’m not here to talk about false positives where the tool is utterly wrong. What I want to talk about today is what I call “perceptual false positives”. I’ve had discussions with customers where they tell me 80% of all their defects are false. Odd,

    Read More »
  • Answering questions about your code base – Part 1

    on Feb 8, 12 • by Patti Murphy • with 1 Comment


    Static analysis captures the current state of your code base and helps you answer key questions about the quality, security and maintainability of your software project. Think Magic 8 Ball with build omniscience and powerful reporting tools. OK, maybe Magic 8 Ball isn’t a good analogy. Answers to what questions, you ask? One we often hear from customers is: Where do I start? A good place to start is a report that captures the distribution of defect types from your current build. For example, we recommend that our customers glance over the Top 10 Issues

    Read More »
  • Golden rules of AST checker development

    on Jan 24, 12 • by Patti Murphy • with No Comments


    In my previous post, It’s time to create a custom checker…, we looked at the considerations involved in deciding which checker to create–AST or path? In this post, we’re going to use a custom checker to enforce an internal coding standard that extends the default set of checkers in our source code analysis tool. To do this, I’ve called upon Steve Howard, our head of Partner Support in Europe, to get us started with an AST checker to accomplish our goal. Steve has coached many customers through the checker creation process. In his experience, the

    Read More »
  • Microsoft banned function list

    on Sep 27, 11 • by Alen Zukich • with 1 Comment


    We have blogged before about software security guidelines, but there is one we haven’t discussed. Several years ago Microsoft published the “Security Development Lifecycle (SDL) Banned Function Calls” list. These banned functions can be a good way to remove a significant number of potential code vulnerabilities from C and C++ code. They provide recommendations on better or safer functions to use, with the caveat that even these “safer” functions should be used with care. You can use the banned.h file to identify and obtain deprecation warnings or, even better, use this as part of your

    Read More »
  • The Evolution of Static Code Analysis – Part 3: The Present Day

    on Jun 8, 11 • by Todd Landry • with 1 Comment


    My first 2 posts looked at 2 different eras of Static Code Analysis, the Early Years and the Early 21st Century. The SCA solutions of these times were revolutionary, and helped software development teams a great deal. But they had their warts. In the final post in this series, I’m going to introduce you to the present day Static Code Analysis technology and how it is impacting developers. The Present Day I’m a huge fan of Reese’s Peanut Butter Cups. I love them. I keep active so I don’t feel guilty eating them. In a

    Read More »