Tag Archives: static analysis

Getting the Most out of Static Analysis Tutorial at ICSQ

The International Conference on Software Quality starts on February 24th in Texas, and I’ll be giving a tutorial session there. In addition to the tutorial sessions they’ll be doing certification exams, exhibits, conference sessions, and the usual helpful training. The conference is sponsored by the ASQ Software Division.

The conference theme this year is Achieving Safe, Effective and Reliable Software. It’s an important topic for anyone who needs to make sure their software works, in industries such as automotive, aerospace, defense, financial, medical devices, nuclear, and telecommunications.

My tutorial session is one of the “pre-sessions” on Monday Feb 24th from 1:00pm – 5:00pm. It’s called “Getting the most out of static analysis“.

Static analysis has the potential to drastically improve software quality, reduce risks associated with the software development process, and increase development team productivity. Nonetheless, many organizations adopt a static analysis tool or development testing suite of tools only to abandon it after their implementation yields noisy false-positives, increased effort, and little to no ROI. In most cases, the problem isn’t with static analysis as a concept. Unsuccessful static analysis implementations are usually the result of process failures, such as a lack of planning and a vast geek gap between business expectations and development policies.

As part of interactive workshop exercises, attendees will apply a pseudo code methodology to help them quantify the cost of analysis so that it can be weighed against risks. The goal of the interactive exercises is to determine, depending on the attendee’s application, when, if, and for which components of the application static analysis is appropriate.

In this tutorial, attendees will learn

  • Various implementations of static analysis technologies, such as pattern-based analysis and flow analysis
  • How to properly configure their static analysis tools and implement the right type of static analysis for the application (agile, safety-critical, etc.)
  • How to ensure that static analysis tools are connected to business needs and the role of policy in aligning development activities with business expectations
  • How to reduce noise—static analysis violations that aren’t contributing to the progress of the application development
  • How to move from a debugging process to a preventative strategy
  • How to avoid the top 10 static analysis mistakes most organizations make

It’s going to be a whole bunch of practical information to make sure you’re doing what works best and will be able to measure ROI for your own organization. Plus we’re going to have some fun doing it. You can register at ICSQ. Hope to see you there.


Achieving Results with Static Analysis

I’m doing a two-part webinar for Parasoft on how to achieve good demonstrable ROI and quality results with static analysis.

All too many people jump into static analysis and either end up giving up, or being unable to determine what value it’s had, or spending way too much time just dealing with the static analysis rather than writing code.

We’ll spend some time talking about how to do it right and how to avoid the common pitfalls, helping you to get the most value out of your effort. It’s free, and there is a certificate at the end if you can pass the test. (No kidding!)

Sign up at this page.

And for those waiting, more SQL Injection Hall of Shame updates coming very soon – plus comments on the whole consumer point-of-sale security debacle.


Static Analysis Webinars: AppSec and Prevention

On Wednesday, October 30th, I’m doing the third part in the appsec static analysis webinar series for Parasoft. The topic for this session is “Strategies for Optimizing Application Security and Defect Prevention“. You can join for free online on Wednesday, October 30, 2013 10:00 AM – 10:30 AM PDT. Don’t forget to register here.

Your application security (appsec) and defect prevention strategy is either a liability or a competitive advantage. Even if you are seeing a good ROI from your static analysis implementation, exploring strategies for optimizing application security and defect prevention is still essential for ensuring lowered risk, increased productivity, and brand protection.

In this webinar, I will discuss how organizations can take a proactive approach to securing their applications with a comprehensive tool set that will help development managers and stakeholders sleep better.

I look forward to seeing you there.

Webinar: Getting ROI from Static Analysis

Next week I’m doing a static analysis webinar for Parasoft about “Getting More ROI from Static Analysis” on Tuesday October 15th at 10:00 AM Pacific. What I’ve been seeing is that a lot of people either don’t know how to determine the value they’re getting from static code analysis, or aren’t actually getting the value they need.
I’ll talk about some ways to make sure that you can maximize the value as well as measure it. It’s 30 minutes and free as always. Join us.



A lack of time, resources, or training often makes getting beyond basic static analysis implementations difficult. Development managers and stakeholders may not even realize that their current static analysis configurations are leaving a wealth of untapped risk-reducing options on the table, which may lead to abandoning the critical software quality practice.

In this webinar, Parasoft Static Analysis Expert Arthur Hicken will discuss tips and tricks for getting more value from your static analysis. Drawing from his 20+ years of field experience, Arthur aka CodeCurmudgeon will offer advice on using policy to connect static analysis to your business needs at the process level, which ensures that you get a better return on your static code analysis investment, while avoiding common pitfalls.

[Update – even if you missed this webinar you can still watch the recording by going to the registration link.]