Historically, static analysis has been widely used to identify defined sets of security issues via overnight runs across entire code bases. A recent trend has been the evolution of static analysis methods and tools to:
- become much more scalable and
- leverage machine learning to substantially improve code quality.
These improvements allow a much tighter integration into modern agile development processes. At the same time, the scope of these tools has broadened from purely security-relevant bugs to performance and reliability issues like memory leaks and data races. Google and Facebook have pioneered a new model of static analysis deployment that involves improving developer productivity via broad deployment of extremely scalable static analysis (billions of lines of code / thousands of commits per day).
This talk will review these recent developments as well as the history of static analysis in commercial software and its evolution in the academic world. It will provide an overview of the current commercial landscape, and conclude with best practices for organizations looking to bring static analysis into their development environment.
Who should attend this talk: Developers, engineering managers and executives
Academic level: Introductory
Key takeaway: Why static analysis is useful, overview of commercial tools in the market, and best practices for incorporating static analysis into a development environment.