Mike Rozlog discusses the need for software audits, proposing five code reviews that every developer should use: Numerical Literal, String Literal, god Method, Shotgun Surgery and Duplicate Code.
The privately owned US company Coverity claims that its newly released and browser-based software tool Coverity Integrity Control supports development organizations to set standard policies for code quality and security, and then manage, monitor and report on these policies as code is tested.
Some allegations regarding backdoors implemented at FBI’s request in OpenBSD’s IPsec stack were made earlier this month. After auditing the code, Theo de Raadt, the founder of OpenBSD, has concluded that there are no such threats in the open source operating system.
NDepend 3.0 comes integrated with Visual Studio analyzing code in real time, can analyze code over multiple VS solutions, supports editing of multiple CQL rules at one time, and comes with enhanced search and performance.
The latest releases of Fisheye 2 (source code repository browser) and Crucible 2 (code review) from Atlassian offer a completely revamped UI, one that allows developers to follow the team (a kind of social networking) as well as follow the work. Crucible 2 also supports the idea of "iterative code review."
Gerard Holzmann discusses Spin, a design analyzer tool, and Scrub, a code review tool, used by Jet Propulsion Laboratory to analyze and fix the software used for critical solar system exploration missions.
Magnus Robertsson shows how to control the code architecture manually, statically and dynamically in order to avoid an architectural drift leading to a big-ball-of-mud. For that, he recommends ways to enforce the reference architecture through peer review, code analysis, and zero tolerance to warnings and errors.
Developer-driven testing is probably the most influential software development technique of the last 10-15 years. There's no question that it has improved the practice of building software. And in a dynamic language like Ruby, it's hard to get by without it. But is it really the best way to find defects? Or is the emphasis on testing and test coverage barking up the wrong tree?
In this interview filmed during RubyFringe 2008, Luke Francl explains his position towards testing. While supporting unit testing, he thinks testing is not going to reveal all application defects. Development teams should also practice code reviews and usability tests which are likely to discover bugs not visible though other methods.
