Getting the Most out of Static Analysis Tutorial at ICSQ

quality hand
The International conference on software quality starts on February 24th in Texas, and I’ll be giving a tutorial session there. In addition to the tutorial sessions they’ll be doing certification exams, exhibits, conference sessions, and the usual helpful training. The conference is sponsored by the ASQ Software Division.

The conference theme this year is Achieving Safe, Effective and Reliable Software. It’s an important topic for anyone that needs to make sure their software works, like automotive, aerospace, defense, financial, medical devices, nuclear, and telecommunications.icsq_logo_20

My tutorial session is one of the “pre-sessions” on Monday Feb 24th from 1:00pm – 5:00pm. It’s called “Getting the most out of static analysis“.

Static analysis has the potential to drastically improve software quality, reduce risks associated with the software development process, and increase development team productivity. Nonetheless, many organizations adopt a static analysis tool or development testing suite of tools only to abandon it after their implementation yields noisy false-positives, increased effort, and little to no ROI. In most cases, the problem isn’t with static analysis as a concept. Unsuccessful static analysis implementations are usually the result of process failures, such as a lack of planning and a vast geek gap between business expectations and development policies.

As part of interactive workshop exercises, attendees will apply a pseudo code methodology to help them quantify the cost of analysis that can be used to weigh against risks. The goal of the interactive exercises is to determine, depending on the attendee’s application, when, if and for what components of the application is static analysis appropriate.

In this tutorial, attendees will learn

  • Various implementations of static analysis technologies, such as pattern-based analysis and flow analysis
  • How to properly configure their static analysis tools and implement the right type of static analysis for the application (agile, safety-critical, etc.)
  • How to ensure that static analysis tools are connected to business needs and the role of policy in aligning development activities with business expectations
  • How to reduce noise—static analysis violations that aren’t contributing to the progress of the application development
  • How to move from a debugging process to a preventative strategy
  • How to avoid the top 10 static analysis mistakes most organizations make

It’s going to be a whole bunch of practical information to make sure you’re doing what works best and will be able to measure ROI for your own organization. Plus we’re going to have some fun doing it. You can register at ICSQ. Hope to see you there.


Leave a Reply

Your email address will not be published.