1
Context Is King:
The Developer Perspective on the Usage of Static Analysis Tools.
Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo
2
Development Context Is King:
The Developer Perspective on the Usage of Static Analysis Tools.
Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo
4
Motivation
5
ASAT
(A) Automatic
(S) Static
(A) Analysis
(T) Tool
6
ASATs detect software defects faster and cheaper than human
inspection and testing would do (Johnson et al., ICSE 2013).
ASATs are common, but not ubiquitous (Beller et al., SANER 2016)
7
Barriers when using ASATs
• Lack of effectively implemented quick fixes
• High rate of false positive warnings
• Low understandability of the warnings
Johnson et al., “Why don’t software developers use Static Analysis Tools to Find Bugs?”, ICSE 2013
8
Usage of ASATs in one context
Code Review: Panichella et al., “Would static analysis tools help developers with code reviews?”, SANER 2015
Continuous Integration: Zampetti et al., “How open source projects use static code analysis tools in continuous integration”, MSR 2017
• Build failures caused by ASATs are mainly due to coding standard violations
• Developers use ASATs mainly for checking coding structure
ASATs configured differently in different contexts.
9
TO DO List
10
Development Contexts where ASATs are used
Usage of ASATs in different contexts
First Study:
Development Contexts
11
First Study: Research Questions
• RQ1: In which development contexts do
developers use ASATs? 

• RQ2: How do developers configure ASATs in
different development contexts?
12
The Questionnaire
13
19 questions, 2 main topics:
• Adoption of ASATs
• Configuration of ASATs
43 (69% industrial and 31%
open-source) participants.
Usage of ASATs
14
[Bar chart: frequency of ASAT usage (Multiple times per day, Daily, Weekly, Monthly) against % respondents; bar values as extracted: 12, 19, 31, 38]
ASATs are integrated with the regular development
15
Where ASATs are used
16
[Chart: % respondents per context (Local Development, Code Review, Continuous Integration); values as extracted: 30%, 33%, 37%]
When ASATs are configured
17
[Bar chart: frequency of ASAT configuration (Kick-off, Monthly, Never, Weekly) against % respondents; bar values as extracted: 7, 20, 22, 51]
The majority of developers configure ASATs only once.
18
How ASATs are configured
75% of our respondents use the same configuration in different contexts.
How ASATs are configured
19
Local Development Code Review Continuous Integration
Second Study:
ASATs usage in different contexts
20
Extended questionnaire & Interviews
21
Context-Based Usage
25 participants
11 professional
developers
• 6 companies
Semi-structured
interviews
Second Study: Research Question
• RQ3 Do developers pay attention to the same
warnings in different development contexts?
22
Warnings in different contexts
23
Developers pay attention to different warnings depending on the context.
[Figure: top three warning categories (1st, 2nd, 3rd) for each context (Local Development, Code Review, Continuous Integration). Category labels as extracted, in groups of three: Code Structure, Logic, Error Handling; Style Convention, Redundancies, Naming Conventions; Error Handling, Logic, Style Convention]
Other factors while selecting warnings
24
[Bar chart: factors considered when selecting warnings, % respondents per context (Continuous Integration, Code Review, Local Development). Factors: Severity of the Warnings, Policies of the Development Team, Application Type, Team Composition, None of the above, Tool Reputation. Bar values as extracted, one group per series: 0, 6.1, 6.1, 12.1, 24.2, 51.5; 2.4, 2.4, 9.9, 19.5, 31.7, 34.1; 2.3, 7, 11.6, 18.6, 27.9, 32.6]
Blocker, Critical, Major, etc.
“Team leader decides to adopt a strict policy regarding naming conventions.”
“Short-term applications don’t need to follow strict rules.”
25
Findings
How developers configure ASATs
26
Local Development Code Review Continuous Integration
How developers perceive ASATs
27
Local Development Code Review Continuous Integration
28
Biased Perception
Towards Context-Awareness
Holistic Analysis of the Developers’ Behaviour
29
Context Is King:
The Developer Perspective on the Usage of Static Analysis
Tools.
Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
Sebastian Proksch, Andy Zaidman, and Harald Gall.
@ccvassallo
vassallo@ifi.uzh.ch
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptssuser319dad
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...NETWAYS
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS  AND MONUMENTS IN NIGERIA.pptxLANDMARKS  AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptxBasil Achie
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...NETWAYS
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...NETWAYS
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfhenrik385807
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@vikas rana
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfakankshagupta7348026
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...henrik385807
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024eCommerce Institute
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )Pooja Nehwal
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrsaastr
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Salam Al-Karadaghi
 

Recently uploaded (20)

VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
Philippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.pptPhilippine History cavite Mutiny Report.ppt
Philippine History cavite Mutiny Report.ppt
 
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Vaishnavi 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Vaishnavi 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
Open Source Camp Kubernetes 2024 | Monitoring Kubernetes With Icinga by Eric ...
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
LANDMARKS  AND MONUMENTS IN NIGERIA.pptxLANDMARKS  AND MONUMENTS IN NIGERIA.pptx
LANDMARKS AND MONUMENTS IN NIGERIA.pptx
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdfOpen Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
Open Source Strategy in Logistics 2015_Henrik Hankedvz-d-nl-log-conference.pdf
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
Motivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdfMotivation and Theory Maslow and Murray pdf
Motivation and Theory Maslow and Murray pdf
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStrSaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
SaaStr Workshop Wednesday w: Jason Lemkin, SaaStr
 
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
Exploring protein-protein interactions by Weak Affinity Chromatography (WAC) ...
 

Context Is King: The Developer Perspective on the Usage of Static Analysis Tools

  • 1. 1 Context Is King: The Developer Perspective on the Usage of Static Analysis Tools. Carmine Vassallo, Sebastiano Panichella, Fabio Palomba, Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo
  • 2. 2 Development Context Is King: The Developer Perspective on the Usage of Static Analysis Tools. Carmine Vassallo, Sebastiano Panichella, Fabio Palomba, Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo
  • 3. 3 Development Context Is King: The Developer Perspective on the Usage of Static Analysis Tools. Carmine Vassallo, Sebastiano Panichella, Fabio Palomba, Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo
  • 6. 6 ASATs detect software defects faster and cheaper than human inspection and testing would do (Johnson et al., ICSE 2013). ASATs are common, but not ubiquitous (Beller et al., SANER 2016)
  • 7. 7 Barriers when using ASATs Lack of effectively implemented quick fixes Johnson et al., “Why don’t software developers use Static Analysis Tools to Find Bugs?” ICSE 2013 High rate of false positive warnings Low understandability of the warnings
  • 8. 8 Usage of ASATs in one context Panichella et al., “Would static analysis tools help developers with code reviews?” SANER 2015 Zampetti et al., “How open source projects use static code analysis tools in continuous integration” MSR 2017 Build failures caused by ASATs are mainly due to coding standard violations Developers use ASATs mainly for checking coding structure Code Review Continuous Integration
  • 9. ASATs configured differently in different contexts. 9
  • 10. TO DO List 10 Development Contexts where ASATs are used Usage of ASATs in different contexts
  • 12. First Study: Research Questions • RQ1: In which development contexts do developers use ASATs? • RQ2: How do developers configure ASATs in different development contexts? 12
  • 13. The Questionnaire 13 19 questions, 2 main topics: • Adoption of ASATs • Configuration of ASATs 43 (69% industrial and 31% open-source) participants.
  • 14. Usage of ASATs 14 Frequency Multiple times per day Daily Weekly Monthly % Respondents 0 10 20 30 40 12 19 31 38 ASATs are integrated with the regular development
  • 16. Where ASATs are used 16 30% 33% 37% % Respondents Local Development Code Review Continuous Integration
  • 17. When ASATs are configured 17 Frequency Kick-off Monthly Never Weekly % Respondents 0 15 30 45 60 7 20 22 51 The majority of developers configure ASATs only once.
  • 18. 18 How ASATs are configured 75% of our respondents use the same configuration in different contexts.
  • 19. How ASATs are configured 19 Local Development Code Review Continuous Integration
  • 20. Second Study: ASATs usage in different contexts 20
  • 21. Extended questionnaire & Interviews 21 Context-Based Usage 25 participants 11 professional developers • 6 companies Semi-structured interviews
  • 22. Second Study: Research Question • RQ3 Do developers pay attention to the same warnings in different development contexts? 22
  • 23. Warnings in different contexts 23 Local Development Code Review Continuous Integration Developers pay attention to different warnings depending on the context. Code Structure Logic Error Handling Style Convention Redundancies Naming Conventions Error Handling Logic Style Convention 1st 2nd 3rd 1st 2nd 3rd 1st 2nd 3rd
  • 24. Other factors while selecting warnings 24 Factors Severity of the Warnings Policies of the Development Team Application Type Team Composition None of the above Tool Reputation % Respondents 0 15 30 45 60 0 6.1 6.1 12.1 24.2 51.5 2.4 2.4 9.9 19.5 31.7 34.1 2.3 7 11.6 18.6 27.9 32.6 Continuous Integration Code Review Local Development Blocker, Critical, Major, etc. “Team leader decides to adopt a strict policy regarding naming conventions.” “Short-term applications don’t need to follow strict rules.”
  • 26. How developers configure ASATs 26 Local Development Code Review Continuous Integration
  • 27. How developers perceive ASATs 27 Local Development Code Review Continuous Integration
  • 28. 28 Biased Perception Towards Context-Awareness Holistic Analysis of the Developers’ Behaviour
  • 29. 29 Context Is King: The Developer Perspective on the Usage of Static Analysis Tools. Carmine Vassallo, Sebastiano Panichella, Fabio Palomba, Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo vassallo@ifi.uzh.ch X Usage of ASATs in one context Panichella et al., “Would static analysis tools help developers with code reviews?” SANER 2015 Zampetti et al., “How open source projects use static code analysis tools in continuous integration” MSR 2017 Code Review Continuous Integration How ASATs are configured X Local Development Code Review Continuous Integration How developers perceive ASATs X Local Development Code Review Continuous Integration