Facilitating the spread of knowledge and innovation in professional software development



Choose your language

InfoQ Homepage Coding Standards Content on InfoQ

  • Static Analyzer Rudra Found over 200 Memory Safety Issues in Rust Crates

    Developed at the Georgia Institute of Technology, Rudra is a static analyzer able to report potential memory safety bugs in Rust programs. Rudra has been used to scan the entire Rust package registry and identified 264 new memory safety bugs.

  • Rust 2021 Edition is Here: Q&A with Armin Ronacher

    Rust 2021 Edition hit the road perfectly on schedule on October 21, along with Rust 1.56.0. The latest version of the language includes support for disjoint capture, or patterns in macro rules, and more. InfoQ has taken the chance to speak with Sentry director of engineering, Armin Ronacher, about where Rust is standing now.

  • IBM Fully Homomorphic Encryption Toolkit Now Available for MacOS and iOS

    IBM's Fully Homomorphic Encryption (FHE) Toolkit aims to allow developers to start using FHE in their solutions. According to IBM, FHE can have a dramatic impact on data security and privacy in highly regulated industries by enabling computing directly on encrypted data.

  • Microsoft Exploring Rust as the Solution for Safe Software

    Microsoft has been recently experimenting with Rust to improve the safety of their software. In a talk at RustFest Barcelona, Microsoft engineers Ryan Levick and Sebastian Fernandez explained the challenges they faced in using Rust at Microsoft. Part of Microsoft's journey with Rust included rewriting a low-level Windows component, as Adam Burch explained.

  • SAP Open Sources Java SCA Tool

    SAP open sources a tool to detect known vulnerabilities in Java/Python applications through software composition analysis.

  • Learning to Code Better with Lean Coding

    Lean coding aims to provide insight into the actual coding activity, helping developers to detect that things are not going as expected at the 10 minute-level and enabling them to call for help immediately. Developers can use it to improve their technical skills to become better in writing code.

  • Zeppelin: a Secure Smart Contracts Open-Source Framework for Blockchain Applications

    Zeppelin is a MIT licensed open source secure smart contract development framework to build blockchain applications. It's a community effort pioneered to ensure only secure, tested and audited smart contract code makes it to a production blockchain, to reduce incidents such as "The DAO" hack. Zeppelin is intended to be blockchain-agnostic, but in the beginning they are focusing on Solidity tools.

  • Continuous Deployment at Coolblue

    Continuous deployment results in a higher sense of responsibility and better quality of deployments, argues Paul de Raaij, technical pathfinder at Coolblue. Coding standards prevent your code base from becoming a mess, automated inspections are great for tedious and boring checks, and manual checks are great for checking if the logic or use of code actually makes sense.

  • Challenges When Implementing Microservices and Why Programming Style Matters

    Fred George talked about the Challenges in Implementing MicroServices and The Secret Assumption of Agile at the GOTO Amsterdam 2015 conference. InfoQ interviewed him about how make microservices as small as possible, challenges when implementing microservices and how to deal with them, why programming style matters, and what developers can do to develop their code writing skills.

  • Mixing Agile with Waterfall for Code Quality

    The 2014 CAST Research on Application Software Health (CRASH) report states that enterprise software built using a mixture of agile and waterfall methods will result in more robust and secure applications than those built using either agile or waterfall methods alone. InfoQ interviewed Bill Curtis about structural quality factors, and mixing agile and waterfall methods.

  • DidFail: a Free Android Tool to Detect Information Leakage

    CERT Secure Coding team have recently released a freely available tool capable of analysing the leakage of sensitive information from an Android app. CERT researchers claim their tool "is the most precise taint-flow static analysis tool for Android apps."

  • Ecma Standardizes Dart

    Ecma International has standardized the first edition of Dart, ECMA-408.

  • Heartbleed’s Aftermath: OpenBSD Developers Start Purifying OpenSSL

    OpenSSL's Heartbleed vulnerability has brought the project under the intense scrutiny of the OpenBSD development team. The team began a massive cleanse and repair of the OpenSSL codebase last week with impressive results.

  • Secure Coding for the Android Platform

    CERT Secure Coding team, part of the Software Engineering Institute at Carnegie Mellon University, have recently released secure coding guidelines specific to Java's application in the Android platform. InfoQ interviews Lori Flynn, one of the researchers who authored them.

  • Lessons Learned from Apple's GoToFail Bug

    The recent security weakness found in both iOS and OS X hints at flaws in coding style guidelines, unit testing, system testing, code review policies, error management strategies, and tools deployment. An overview.