November 2011 - Code Curmudgeon

The Ins and Outs of Opting and Privacy

There has been another rash of security and privacy issues by major internet companies. Actually it’s more of an ongoing issue than it is...

It’s finally official – at least for those who are aware of how the web works. Yesterday Adobe (ADBE) announced that they will be...

In ongoing discussions here at the blog and elsewhere, I keep seeing the topic of false positives in static analysis come up. It’s certainly...

CAN (Controller Area Network): Controller Area Network aka CAN aka CAN Bus is a wiring standard for vehicles that enables communication between various components and devices without having a host computer. For example doors, brakes, transmission.
false positive: A result that is incorrect. Strictly speaking, it means that the tool providing the answer got it wrong. Generally it has a broader usage, meaning an error message that the developer doesn't think is important or real, either because of context or misunderstanding by the developer.
flow analysis: A form of static analysis that works by analyzing software by tracing data flows and paths that might be used when running the application. It can find weaknesses, but is subject to false positive results because the paths and data it finds my be improbable or impossible.
code review: Code review is a process where programmers look at each others code and evaluate it's fitness for the intended purpose. It can find mistakes in design and implementation beyond simple syntax problems and improve quality.
static analysis: Any form of software analysis that can be done on the code without actually executing the code. Encompasses techniques like pattern-based analysis, metrics, code review, etc.