The recent security weakness found in both iOS and OS X points to flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies and tools deployment. An overview.
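The shape of that weakness, as an added illustration rather than anything quoted from the page or from Apple's code: an unbraced `if` followed by a duplicated `goto` that unconditionally skips the remaining checks, so a signature-verification routine returns "verified" for a forged signature. This is my identification of the defect class (the bug commonly referred to as "goto fail"); the `handshake_t` structure and the `check_hash` / `check_sig` stand-ins are assumptions made for the example, and the vulnerable routine is shown beside the hardened one together with the negative unit test that would have caught it.

```c
/* Added example, not from the original page or from Apple's sources. It models
 * the class of defect the teaser above refers to: an unbraced `if` followed by
 * a duplicated `goto` that unconditionally skips the remaining checks.
 * The handshake_t fields and the check_* helpers are stand-ins (assumptions). */
#include <stdio.h>

typedef struct {
    int hash_ok;   /* constructed input: did the hash step succeed?  */
    int sig_ok;    /* constructed input: does the signature match?   */
} handshake_t;

static int check_hash(const handshake_t *h) { return h->hash_ok ? 0 : -1; }
static int check_sig(const handshake_t *h)  { return h->sig_ok  ? 0 : -1; }

/* Vulnerable form: the second `goto fail;` is not governed by any `if`, so
 * check_sig() is never reached and err is still 0 from the successful
 * check_hash() call. The indentation makes the line look conditional. */
int verify_vulnerable(const handshake_t *h)
{
    int err = 0;
    if ((err = check_hash(h)) != 0)
        goto fail;
        goto fail;              /* duplicated line: always executed */
    if ((err = check_sig(h)) != 0)
        goto fail;
fail:
    return err;                 /* 0 means "verified" */
}

/* Hardened form: braces on every conditional body, as a style rule would
 * require. A duplicated goto inside the braces stays under its condition. */
int verify_fixed(const handshake_t *h)
{
    int err = 0;
    if ((err = check_hash(h)) != 0) {
        goto fail;
    }
    if ((err = check_sig(h)) != 0) {
        goto fail;
    }
fail:
    return err;
}

/* The negative test a unit suite should contain: a message whose hash step
 * succeeds but whose signature is wrong must be rejected. Returns 1 when the
 * given verifier rejects the forged input, 0 when it wrongly accepts it. */
int bad_signature_rejected(int (*verify)(const handshake_t *))
{
    handshake_t forged = { .hash_ok = 1, .sig_ok = 0 };   /* constructed input */
    return verify(&forged) != 0;
}

int main(void)
{
    printf("vulnerable verifier rejects forged signature: %d\n",
           bad_signature_rejected(verify_vulnerable));
    printf("fixed verifier rejects forged signature:      %d\n",
           bad_signature_rejected(verify_fixed));
    return 0;
}
```

Two tool-side checks complement the brace rule: clang's `-Wunreachable-code` reports the second `if` in `verify_vulnerable` as unreachable, and gcc's `-Wmisleading-indentation` flags the indented second `goto`. Neither replaces the negative test, which fails on the vulnerable routine regardless of compiler.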
Patrick Smacchia has recently announced NDepend 5.0, the latest version of his .NET code analyzer, which comes with a number of enhancements: support for VS 2013, trend monitoring, a new dashboard and a major UI facelift.
One blog of note that is furthering the efforts of today’s mobile application developers can be found at the OpenSignal web site. Their recent Android Fragmentation Visualized report offers some unique perspectives on the challenges of writing Android apps.
Visual Studio 2012 simplifies the code review task with the ability to compare code files, annotation, comments from reviewers and status updates.
Team Foundation Server 11 has added many features in the area of Application Lifecycle Management. Some of the highlights include support for code reviews, iterations/sprints, resource allocation, third-party testing frameworks, and a much more capable dependency graph.
The privately owned US company Coverity claims that its newly released, browser-based tool Coverity Integrity Control lets development organizations set standard policies for code quality and security, and then manage, monitor and report on those policies as code is tested.
The latest version of the Application Lifecycle Management (ALM) collaboration tool Tasktop supports task federation, cross-repository Agile planning, and new connectors to other ALM tools such as HP Agile Accelerator and SmartBear CodeCollaborator. The Tasktop team last week released version 2.0 of the software, which also integrates with the Hudson CI tool.
Some allegations regarding backdoors implemented at the FBI's request in OpenBSD's IPsec stack were made earlier this month. After auditing the code, Theo de Raadt, the founder of OpenBSD, has concluded that no such backdoors are present in the open source operating system.
NDepend 3.0 integrates with Visual Studio and analyzes code in real time, can analyze code across multiple VS solutions, supports editing multiple CQL rules at once, and comes with enhanced search and performance.
The latest releases of Fisheye 2 (source code repository browser) and Crucible 2 (code review) from Atlassian offer a completely revamped UI, one that allows developers to follow the team (a kind of social networking) as well as follow the work. Crucible 2 also supports the idea of "iterative code review."
In this interview filmed during RubyFringe 2008, Luke Francl explains his position on testing. While supporting unit testing, he thinks testing is not going to reveal all application defects. Development teams should practice code reviews and usability tests, which are likely to discover bugs not visible through other methods.
In this talk from RubyFringe, Luke Francl asks: is developer-driven testing really the best way to find software defects? Or is the emphasis on testing and test coverage barking up the wrong tree?
Creating secure code requires more than just good intentions. Programmers need to know how to make their code safe in an almost infinite number of scenarios and configurations. Static source code analysis can uncover the kinds of errors that lead directly to vulnerabilities and in this talk, Brian Chess frames the software security problem and shows how static analysis is part of the solution.
Any tool is only as good as the developer who knows how to use it. NDepend is one of those tools that is very powerful but addresses an aspect of software development too few architects or developers understand: software metrics.