I’ve long been an advocate for turning software development into software engineering. By this I mean that we need to start following known best practices and using the tools and processes that have been proven to help produce better code. It’s amazing how software developers often ignore standard things that everyone knows makes for better code.
As an effort to promote understanding I’m doing a two-part webinar series with Parasoft on this topic this Thursday the 22nd and next Thursday the 29th. Come join us and learn how getting back to the basics is a great way to harden your software and improve security, safety, and reliability.
The best way to fundamentally improve software is simply to get back to software engineering fundamentals. But reaping benefits from these fundamentals (such as static code analysis, runtime analysis, and unit testing) requires using these practices effectively, and ineffective practices persist at organizations around the world: unit test suites that are noisy are often ignored and hide real issues that will happen after deployment; static analysis that focuses on simple bug-finding instead of real defect-prevention represents a real missed opportunity and forces us to react to software issues rather than take a proactive stance.
In this two-part webinar series, we’ll go into detail on how to reap maximum benefits from fundamental software development practices, showing you how to use them effectively by leveraging Parasoft’s automated testing tools.
In the first session, we’ll concentrate on process, setup, and configuration, to provide you with actionable takeaways around:
- How to harden your code with static code analysis to increase safety and prevent cyber attacks, including which coding standards are the best place to start
- How to add runtime error detection to your testing process to find bugs early and avoid reliability issues in the field
- How unit test automation reduces your effort of creating and maintaining test suites
In the second session, we’ll show you how to integrate automated testing tools into your existing software development process. You will learn how these tools can run as part of continuous integration, inside your favorite development environment. We’ll focus on:
- How to create tests more quickly for C, C++, Java, and .NET by building on ready-made frameworks
- How to win at continuous testing by leveraging automation and analysis
- How to streamline compliance efforts that are normally tedious, with efficiency provided by static code analysis and unit testing
Join us June 22nd and June 29th to see for yourself how easy the fundamentals can be, and how they can help you perfect your software.
I was honored this week to have the opportunity to present a keynote session at EuroSPI 2016. The title of my presentation was “Software Safety and Security Through Standards” and I discussed one of my favorite soapboxes. That is the idea that software development is often less disciplined than it should be, but it doesn’t have to be. We can and should develop software as an engineering discipline.
One of the key ways to start down this path is to implement coding standards properly. Too many are trying to use coding standards late in the process as a way to find bugs, rather than a way to flag improper methods of coding early on. While the former is cool, the latter is far more valuable.
The adage that “you can’t test quality in a product” is well known, but for some reason in software we think that you can indeed test quality into an application. The same goes for application security, perhaps even doubly so.
In order to break out of the current cycle of code, deploy, fix, redeploy we have to start doing things differently. We have to build a more mature software development process and static code analysis is the way to build upon the body of knowledge and best practices available.
Slides are below. Let me know if you have comments, questions, suggestions. And thanks to everyone at EuroSPI and ASQ for putting on a great conference and allowing me to participate. These are great organizations to get involved with if you’re serious about software quality. I encourage you to check them out.
If you’re going to be in Europe in September, I’ll be speaking at the EuroAsiaSPI2 2016 conference in Graz, Austria on September 15th.
EuroAsiaSPI2 is also known as European & Asian System, Software & Service Process Improvement & Innovation. The EuroAsiaSPI² conference presents and discusses results from systems, software and services process improvement and innovation or SPI projects in industry and research, focusing on the gained benefits and the criteria for success. This year’s event is the 21st of a series of conferences to which international researchers and professionals contribute their lessons learned and share their knowledge as they work towards the next higher level of software management professionalism.
I’ll be speaking on Software Safety and Security through Standards
Software has moved from the desktop in just about everything we touch. From smart thermostats to infusion pumps to cars software is pervasive and growing. These so-called “things” from the Internet-of-Things are increasingly carrying more logic and with it a larger risk of failure. Many of these devices are using in safety critical areas such as medical and automotive where they have a particular potential for bodily harm.
Most companies that have been building devices rightly view current software development as an almost insane group of cowboys and chaos. But there is hope, software CAN and MUST be treated an engineering practice. Coding standards move us from the build, fail, fix cycle back into a design, build, deliver cycle with high quality, safety, and security.
As it turns out, these same standards also provide benefits in the areas of cybersecurity, doing double duty. We will explore how standards help us move from finding bugs to building more robust software, how to prevent problems in the first place by proper coding, and how to leverage the efforts of others by using common accepted industry standards such as MISRA to achieve this goal.
To attend you can register here.