Coverity Development Testing
Accelerating Risk Mitigation through Continuous
Integration and Development Testing
“Software is Eating the World” - Marc Andreessen
Software: Health, Financial, Communications, SCM / Logistics, Enterprise, Mobile, Automotive
81% of business leaders believe technology is a fundamental element of their business model
Over 60 million tablets and 175 million smart phones will be in the workplace by the end of 2012
By 2016, open source software will be included in mission-critical applications within 99% of Global 2000 enterprises
Development Testing …
… is transforming software development by:
Reducing operational costs
Accelerating development and time to market
Protecting brands from catastrophic failure
Why All the Risk?
Software Complexity and Speed have Outpaced Legacy Testing Methods
Development
Testing
Software Complexity
Time to Market
Testing Methods
Security Testing
Functional Testing
Performance Testing
Manual Testing
Fewer defects escape development
Design Development
Quality & Security Assurance
Product Release & Management
Development Testing
Transform software testing, from reactive to proactive
Transformation Maturity Model
Axes: Integration into SDLC (High); Development Testing Adoption (High)
Level 1: Automatic Defect Detection. No new defects introduced.
Level 2: Identification of Residual Risk. Ensure critical code is prioritized & tested.
Level 3: Developer Workflow Optimization. Feeding all components into the developer workflow.
Level 4: Code Governance. Establish source code acceptance criteria.
Complete Enterprise Code Assurance: All critical code and code impacted by change is tested.
How Coverity Static Analysis Works
Build
•  Mimics the behavior of dozens of compilers
•  Integrates with existing build systems
Analyze
•  Statically tests all execution paths
•  Finds defects and inconsistent coding patterns
Present & Manage
•  Explains the location and root cause of defects
•  Manage and share triage of defects across teams
Meaningful, real results
Focus on finding real defects, not style violations or superficial issues.
Over 12 years of experience analyzing open source and commercial code.
Industry-leading low false positive/negative rate
False positive rates typically below 15%
False positives waste time, hinder adoption, and reduce trust in the results.
Broadest Checker Library + Deepest Algorithms
Optimal balance of breadth, depth, and scalability to large code bases.
High Quality Results
Sample Project: PostgreSQL
Defects Fixed in 2012 per Category
Category                              # Defects   Impact
Memory - corruptions                  20          High
Memory - illegal accesses             10          High
Resource leaks                        43          High
Uninitialized variables               10          High
API usage errors                      1           Medium
Control flow issues                   4           Medium
Error handling issues                 14          Medium
Incorrect expression                  3           Medium
Insecure data handling                24          Medium
Integer handling issues               8           Medium
Null pointer dereferences             43          Medium
Code maintainability issues           58          Low
Security best practices violations    15          Low
Grand Total                           253
•  ~20 Developers
•  Weekly Build
•  680k LOC
•  False Positive Rate: 11.1%
•  Defect Density: 0,273
We Find Critical Defects
•  Tomcat Webserver 5.5.17
•  Among several hundred defects, we found a “reverse lock
bug” that can lead to deadlock of the entire server
Focus testing time where it matters … don’t waste time writing tests you don’t need
Test Advisor
Improving Unit Testing Effectiveness and Efficiency
High
Risk
Code
Risk Mitigation Architecture
Test Advice
Actionable work items to address risk due to inadequate testing
Test Policy Evaluation
•  Critical code analysis
•  Change impact analysis
•  Test execution analysis
Test Monitoring
Code Ownership and Change History
Static Code Analysis
Customized Test Policy
Move Quality into the
Inner Loop of Development
Code
Build
Test
Nightly Build
Continuous
Integration
Finding and Fixing
Quality Defects
QA
Development Testing Workflow
Code Check In
Development Security Audit
Static Analysis
Results
Nightly/Continuous Build
Regression Test
•  Built into development process
•  Retesting minimized
•  Immediately actionable by developers
•  Reduces burden on auditing team
Developer QA Security
Issue Responsibility Is Critical
Ingredients for Success
Code, Build, Test, Nightly Build, Continuous Integration
•  High-Fidelity Code Compilation
•  High-Performance Analysis
•  Low False Positive Rate
•  Detecting Critical Defects
•  Easy Defect Navigation and Comprehension
•  Comprehensive Triage and Remediation Management
•  Visibility and Governance
•  Team Collaboration
Governance with Metrics
Automated high-fidelity analysis on daily basis
Fast and educated triage of results to categorize and prioritize issues
Accurate Data
Precise actions based on comprehensive data analysis
Trusted Data
Policy Definition and Monitoring
Definition of organizational-wide policies for code quality
Aggregated sanity view of code by component, team, supplier
Supplier SLA Enforcement
Supplier self-certification based upon policies
Coverity Development Testing Platform
Security Advisor
Test Advisor
Analysis Packs
Coverity SAVE™ Static Analysis Verification Engine
SDLC Integrations
Policy Manager
Quality Advisor
Architecture Analysis
Dynamic Analysis
FindBugs™ Analysis
Analysis Integration Toolkit
Coverity Connect
Test Execution
Third Party Metrics
Build/Continuous Integration
HP ALM
IDE
Code Coverage
Defect Tracking
SCM
ü  Proven significant operational cost reductions
ü  Metric visibility of code estate onshore and offshore
ü  Proven history of finding crash causing or
unexpected behavior causing defects
ü  Process Improvement of the Application Lifecycle
Management
Coverity Summary
Questions?

8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Servicecallgirls2057
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 

Recently uploaded (20)

Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
APRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdfAPRIL2024_UKRAINE_xml_0000000000000 .pdf
APRIL2024_UKRAINE_xml_0000000000000 .pdf
 
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdfIntro to BCG's Carbon Emissions Benchmark_vF.pdf
Intro to BCG's Carbon Emissions Benchmark_vF.pdf
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort ServiceCall US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
Call US-88OO1O2216 Call Girls In Mahipalpur Female Escort Service
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 

[Europe merge world tour] Coverity Development Testing

  • 1. Coverity Development Testing: Accelerating Risk Mitigation through Continuous Integration and Development Testing
  • 2. “Software is Eating the World” - Marc Andreessen. Software: Health, Financial, Communications, SCM / Logistics, Enterprise, Mobile, Automotive. 81% of business leaders believe technology is a fundamental element of their business model. Over 60 million tablets and 175 million smart phones will be in the workplace by the end of 2012. By 2016, open source software will be included in mission-critical applications within 99% of Global 2000 enterprises.
  • 3.
  • 4. Development Testing … is transforming software development by: reducing operational costs; accelerating development and time to market; protecting brands from catastrophic failure.
  • 5. Why All the Risk? Software Complexity and Speed have Outpaced Legacy Testing Methods. [Figure labels: Development Testing; Software Complexity; Time to Market; Testing Methods: Security Testing, Functional Testing, Performance Testing, Manual Testing]
  • 6. Fewer defects escape development. [Figure labels: Design; Development; Quality & Security Assurance; Product Release & Management; Development Testing] Transform software testing, from reactive to proactive.
  • 7. Transformation Maturity Model. Level 1: Automatic Defect Detection (No new defects introduced). Level 2: Identification of Residual Risk (Ensure critical code is prioritized & tested). Level 3: Developer Workflow Optimization (Feeding all components into the developer workflow). Level 4: Code Governance (Establish source code acceptance criteria). Complete Enterprise Code Assurance (All critical code and code impacted by change is tested). [Axes: Integration into SDLC (High); Development Testing Adoption (High)]
  • 8. How Coverity Static Analysis Works. Build: Mimics the behavior of dozens of compilers; integrates with existing build systems. Analyze: Statically tests all execution paths; finds defects and inconsistent coding patterns. Present & Manage: Explains the location and root cause of defects; manage and share triage of defects across teams.
  • 9. High Quality Results. Meaningful, real results: Focus on finding real defects, not style violations or superficial issues. Over 12 years of experience analyzing open source and commercial code. Industry-leading low false positive/negative rate: False positive rates typically below 15%. False positives waste time, hinder adoption, and reduce trust in the results. Broadest Checker Library + Deepest Algorithms: Optimal balance of breadth, depth, and scalability to large code bases.
  • 10. Sample Project: PostgreSQL. Defects Fixed in 2012 per Category

    | Category | # Defects | Impact |
    |---|---|---|
    | Memory - corruptions | 20 | High |
    | Memory - illegal accesses | 10 | High |
    | Resource leaks | 43 | High |
    | Uninitialized variables | 10 | High |
    | API usage errors | 1 | Medium |
    | Control flow issues | 4 | Medium |
    | Error handling issues | 14 | Medium |
    | Incorrect expression | 3 | Medium |
    | Insecure data handling | 24 | Medium |
    | Integer handling issues | 8 | Medium |
    | Null pointer dereferences | 43 | Medium |
    | Code maintainability issues | 58 | Low |
    | Security best practices violations | 15 | Low |
    | Grand Total | 253 | |

    ~20 Developers; Weekly Build; 680k LOC; False Positive Rate: 11.1%; Defect Density: 0,273
  • 11. We Find Critical Defects. Tomcat Webserver 5.5.17: Among several hundred defects, we found a “reverse lock bug” that can lead to deadlock of the entire server.
  • 12. Test Advisor: Improving Unit Testing Effectiveness and Efficiency. Focus testing time where it matters … don’t waste time writing tests you don’t need. [Figure label: High Risk Code]
  • 13. Risk Mitigation Architecture. Test Advice: Actionable work items to address risk due to inadequate testing. Test Policy Evaluation: critical code analysis; change impact analysis; test execution analysis. Test Monitoring; Code Ownership and Change History; Static Code Analysis; Customized Test Policy.
  • 14. Move Quality into the Inner Loop of Development. [Figure labels: Code; Build; Test; Nightly Build; Continuous Integration] Finding and Fixing Quality Defects
  • 15. Development Testing Workflow. [Figure labels: Developer; QA; Security; Code Check In; Development; Security Audit; Static Analysis Results; Nightly/Continuous Build; Regression Test] Built into development process; retesting minimized; immediately actionable by developers; reduces burden on auditing team.
  • 17. Ingredients for Success. [Figure labels: Code; Build; Test; Nightly Build; Continuous Integration] High-Fidelity Code Compilation High-Performance Analysis Low False Positive Rate Detecting Critical Defects Easy Defect Navigation and Comprehension Comprehensive Triage and Remediation Management Visibility and Governance Team Collaboration
  • 18. Governance with Metrics. Automated high-fidelity analysis on daily basis. Fast and educated triage of results to categorize and prioritize issues. Accurate Data. Precise actions based on comprehensive data analysis. Trusted Data.
  • 19. Policy Definition and Monitoring. Definition of organizational-wide policies for code quality. Aggregated sanity view of code by component, team, supplier.
  • 20. Supplier SLA Enforcement. Supplier self-certification based upon policies.
  • 21. Transformation Maturity Model. Level 1: Automatic Defect Detection (No new defects introduced). Level 2: Identification of Residual Risk (Ensure critical code is prioritized & tested). Level 3: Developer Workflow Optimization (Feeding all components into the developer workflow). Level 4: Code Governance (Establish source code acceptance criteria). Complete Enterprise Code Assurance (All critical code and code impacted by change is tested). [Axes: Integration into SDLC (High); Development Testing Adoption (High)]
  • 22. Coverity Development Testing Platform: Security Advisor Test Advisor Analysis Packs Coverity SAVE™ Static Analysis Verification Engine SDLC Integrations Policy Manager Quality Advisor Architecture Analysis Dynamic Analysis FindBugs™ Analysis Analysis Integration Toolkit Coverity Connect Test Execution Third Party Metrics Build/Continuous Integration HP ALM IDE Code Coverage Defect Tracking SCM
  • 23. Coverity Summary. Proven significant operational cost reductions; metric visibility of code estate onshore and offshore; proven history of finding crash causing or unexpected behavior causing defects; Process Improvement of the Application Lifecycle Management.