NDepend has released a new version of their flagship static code analysis product. NDepend 4 introduces Code Query LINQ, NDepend.API, and VS 2012 support.
Roslyn is a set of libraries for handling compilation, scripting, workspaces, and IDE services. It is an extensible model with VB and C# being the first two target languages. Although Roslyn, which is targeting VB 12/C# 6, is still far from completion, this release marks a major milestone for the project.
Sonar Quality Dashboard version 3.0 has recently been released, including separate commercial editions and a new plugin allowing developers to see how their individual commits affect project quality.
A Coverity study concludes that open source code using static analysis has on average a lower number of defects than commercial code, but they are on par when it comes to code of similar sizes.
ARM is offering a community edition of their Development Studio 5, containing a debugger and a performance analyzer of Android native code.
On October 26th, The Jolt Judges announced the awards for 2011 in the category “Design, Planning, and Architecture Tools”. In detail, the Jolt hall of fame now includes the products Paradigm for UML, Restructure 101, and Requirements Center 2010.
Application Performance Measurement (APM) vendor AppDynamics has released AppDynamics Lite version 2.0, bringing new features from their commercial product into the free version.
In a recent news article the Massachusetts Institute of Technology has introduced a technology for automatically remembering connections between objects. The provided system determines how objects in a large software project interact, so it can inform latecomers which objects they will need to design certain types of functions.
New Relic is bringing its well-regarded web application performance service to Java applications running on Heroku's PaaS. The add-on is offered in two versions: a free standard version and a professional subscription service currently costing $0.06 per dyno hour. New Relic has also announced Python support for its stand-alone product.
ej-technologies GmbH has released JProfiler 7.0. JProfiler is a Java SE/EE profiling tool which features CPU profiling, memory profiling, thread profiling and VM telemetry. Version 7.0 comes with an improved heap walker, custom probes and built-in probes for JDBC, JMS, JNDI, Servlets, files, sockets and processes.
The privately owned US company Coverity claims that its newly released, browser-based software tool Coverity Integrity Control helps development organizations set standard policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
ThoughtWorks, a global IT consultancy that focuses on agile development, recently announced they will leverage the software architecture management tool Structure101 for assessing the quality of code bases. Structure101 is the main product that Headway Software provides for advanced code analysis.
The latest version of the open source code quality management tool Sonar supports architecture constraint rules and custom dashboards. The SonarSource team recently released Sonar version 2.4, which also includes Maven 3 support and an update center to install and upgrade Sonar plugins.
Multiple reasons can be quoted for the failure of software projects. Some projects fail because of bad requirements, others because of cost and schedule overruns, and a few simply because of bad management. If we do a root cause analysis, would all of the failed projects lead to bad code as the main culprit? Always?
Web application security testing and assessment should include both security code review and penetration testing techniques. Dave Wichers, an OWASP Board Member, spoke at the recent AppSec DC 2010 Conference about the pros and cons of code reviews and penetration testing approaches in finding security vulnerabilities in web applications.