Disrupting QA – Emerging Trends in Code Quality Automation

Stephen Magill | GOTO Chicago 2019

Transcript

Historically, static analysis has been widely used to identify defined sets of security issues via overnight runs across entire code bases. A recent trend has been the evolution of static analysis methods and tools to:

  1. become much more scalable and
  2. leverage machine learning to substantially improve code quality.

These improvements allow a much tighter integration into modern agile development processes. At the same time, the scope of these tools has broadened from purely security-relevant bugs to performance and reliability issues like memory leaks and data races. Google and Facebook have pioneered a new model of static analysis deployment that involves improving developer productivity via broad deployment of extremely scalable static analysis (billions of lines of code / thousands of commits per day).

This talk will review these recent developments as well as the history of static analysis in commercial software and its evolution in the academic world. It will provide an overview of the current commercial landscape, and conclude with best practices for organizations looking to bring static analysis into their development environment.

Who should attend this talk: Developers, engineering managers and executives

Academic level: Introductory

Key takeaway: Why static analysis is useful, overview of commercial tools in the market, and best practices for incorporating static analysis into a development environment.

About the speakers

Stephen Magill

World-recognized expert on program analysis