Category Archives: Quality

Software Safety Keynote EuroSPI 2016

I was honored this week to have the opportunity to present a keynote session at EuroSPI 2016. The title of my presentation was “Software Safety and Security Through Standards” and I discussed one of my favorite soapboxes. That is the idea that software development is often less disciplined than it should be, but it doesn’t have to be. We can and should develop software as an engineering discipline.

One of the key ways to start down this path is to implement coding standards properly. Too many are trying to use coding standards late in the process as a way to find bugs, rather than a way to flag improper methods of coding early on. While the former is cool, the latter is far more valuable.

The adage that “you can’t test quality in a product” is well known, but for some reason in software we think that you can indeed test quality into an application. The same goes for application security, perhaps even doubly so.

In order to break out of the current cycle of code, deploy, fix, redeploy, we have to start doing things differently. We have to build a more mature software development process, and static code analysis is the way to build upon the body of knowledge and best practices available.

Slides are below. Let me know if you have comments, questions, suggestions. And thanks to everyone at EuroSPI and ASQ for putting on a great conference and allowing me to participate. These are great organizations to get involved with if you’re serious about software quality. I encourage you to check them out.

ASQ Conference in Long Beach

Just a reminder that I’ll be at the International Conference on Software Quality in sunny Long Beach, CA, next week. It’s sponsored by the ASQ Software Division. Tutorials are next Monday, March 9th, and the regular sessions are Tuesday-Wednesday.

At this point, you’ll have to register at the door, but don’t let that stop you. Come learn great stuff about software quality and chat with the Code Curmudgeon in person! I’d love to see you there.

The March 9-11, 2015 ICSQ focuses on the application of real-world experiences, proven solutions and lessons learned in applying software quality practices in application software and custom logic devices. Topics include auditing, standards, risk management, tools, techniques, methodologies, frameworks, processes, practices, QA/QC, metrics, testing, measurement and current industry trends.

Please see the conference web site for additional details:

Hilton Long Beach & Executive Meeting Center, Long Beach, California

Real-World Software Quality: Trends and Practices

2015 ICSQ focuses on the application of real-world experiences, proven solutions, and lessons learned in applying software quality practices in application software and custom logic devices.

40 concurrent tracks in these topics:

Risk Management
Quality Assurance
Current industry trends

New This Year: Foundations and Fundamentals track highlights key concepts on software quality – targeted to those who are newer in their software quality role and those who seek to enhance their practical knowledge.

C9D9 Discussion about Continuous Testing

For those who missed it, I was part of a fun discussion earlier this week on Continuous Testing and Test Acceleration, hosted by Electric Cloud. Sam Fell over there does this regularly as part of their C9D9 or continuous discussion series.

C9D9 – continuous discussion

Basically it’s a group of us sitting around chatting about various issues, such as how to know when you’ve got enough testing, or what is the best way to get started.

If you missed it, you can still watch the recording at the Electric Cloud blog.

This episode features:

Arthur Hicken
Parasoft Evangelist, expert in creating secure, defect-free software via Service Virtualization, Cloud/API Testing, and Development Testing.
@CodeCurmudgeon

Florian Motlik
Flo is the CTO and co-founder at Codeship, a hosted continuous delivery service. He’s passionate about immutable infrastructure and helping teams build more productive processes.
@flomotlik

Gregg Caines
Software engineer for ClassDojo, an Educational Technology start-up in San Francisco. Gregg is interested in open source software, APIs, craftsmanship and Continuous Delivery.
@GreggCaines

Trevor Parsons
Trevor is the Co-founder & chief scientist at @Logentries, log management & analytics made easy. Irish, software engineer. PhD, @UCDDublin alumnus.
@trevparsons

Achieving Results with Static Analysis

I’m doing a two-part webinar for Parasoft on how to achieve good, demonstrable ROI and quality results with static analysis.

All too many people jump into static analysis and either end up giving up, being unable to determine what value it’s had, or spending way too much time just dealing with the static analysis rather than writing code.

We’ll spend some time talking about how to do it right and how to avoid the common pitfalls, helping you to get the most value out of your effort. It’s free, and there is a certificate at the end if you can pass the test. (No kidding!)

Sign up at this page.

And for those waiting, more SQL Injection Hall of Shame updates coming very soon – plus comments on the whole consumer point-of-sale security debacle.