Click me
Transcribed

Why Developers Need Static Analysis Tools

SCA FTW! WHY DEVELOPERS NEED STATIC ANALYSIS TOOLS Pwn Here's a no-brainer: You need to produce safe, reliable code that's free of security weaknesses and critical defects. With static analysis tools, you got this. Static analysis (noun, synony m: source code analysis/SCA) automatically detects weaknesses in computer software without executing the programs built from that software and enables developers to check-in clean code. SOFTWARE DEFECTS = LAUNCH DELAYS + RECALLS + BRAND DAMAGE + EXPENSE + SERIOUS HARM THERAC-25 RADIATION TOYOTA PRIUS THERAPY MACHINE ARIANE 5 FLIGHT 501 400K+ VEHICLES RECALLED PATIENTS SUFFER FROM MASSIVE $370M ROCKET SELF-DESTRUCTS DOSES OF RADIATION DEFECTS ARE HARD TO FIND: COST OF DEFECTS: THE GLOBAL ECONOMY SPENDS $312 BILLION ANNUALLY*** Most applications have DEV & MAINTENANCE BUDGET 22.4 SECURITY RISKS* 50ยข OF EVERY DOLLAR Without tools like static analysis or a code review process, programmers are less than 50% EFFICIENT in finding bugs in their own software** spent on soft ware development and maintenance goes towards finding and fixing bugs**** EFFICIENCY 50c STATIC ANALYSIS HELPS YOU FIND CRITICAL WEAKNESSES & COMPLY WITH KEY CODING STANDARDS SAMATE OWASP CERT -Buffer overflow -Concurrency violations -Un-validated user input -Dereferencing NULL pointers MISRA CWE DISA STIGS -Injection issues -Cross-site scripting -Concurrency errors -Endian incompatibilities -Use of uninitialized data FDA DO-178B -Memory and resource leaks ISO-26262 PCI SAVE TIME. SAVE MONEY SAVE YOUR SANITY. Software developers spend half their programming time finding and fixing bugs*** 85% X TRADITIONAL APPROACH (a.k.a. Lather, Rinse, Repeat) -Write code -Check it in -QA points out mistakes -Fix code -Check it in again SI6K of defects created during coding, not found until testing 25 hrs PRODUCTION S1,000 -QA finds more mistakes 12.5 hrs VMODERN APPROACH TEST Ihr S25 (a.k.a. Get It Right the First Time) -Write code -Fix mistakes as you go INTEGRATION BUILD System Test 15 min- Coding Post -Check-in clean code Release -Write more code IMPLEMENTATION spent to repair defects $16,000 ound after release* With SCA tools, you can fix issues at your desktop while you're coding and before check-in Find bugs sooner, move 3.532 Ibs. of bacon on to other things DEVELOPERS: WHAT'S IN IT FOR ME? DEV MANAGERS: WHAT'S IN IT FOR ME? 1. Keep QA off your back by avoiding the lather-rinse-repeat cycle 1. Narrow the gap between your rock star coders and the new bs 2. Be a better developer by learning from your mistakes 2. Decrease risk by ensuring issues are fixed early in the dev cycle 3. Check-in clean code and move on to other things 3. Boost productivity by reducing the time spent on dealing with code defects 4. Avoid being the guy who codes a serious defect that gets into the wild 4. Keep improving your code base by tracking and reporting on code security, quality and complexity metrics DEPLOY SCA. REWARD YOURSELF WITHA CRONUT! * 2013 Global Application Sacurity Risk Raport https://www.aspoctsecurity.com/uploads/downoads/2013/0EAspact-2015-Glob ol-AppSec-Risk-Report pdt * Capers Jones, 2012 http:/sagnearg/prasentations/2012-13/Janes-Sap-2012 pat *** Cambridga Univorsity Study Statos Sottwara Bugs Cost Economy S312 Billion Per Year k klocwork Klocwork helps developers create more secure and reliable software with on-the-fly source code analysis tools. http:marea ontent.comstock niversity_Studu_States Software **** Copers Jones, 2012 http://www.ifpug org/DocumantsJanes-SoftwaroDatactoriginsAndRomova Met hodsDrofi5 pdr *****Applied Software Measurement, Capers Janes. 1995 ocks/hews/tead/23147130/Cambridge_U 5312 Billion Economy Per Year Learn more and register for a free trial at: www.klocwork.com/WhySCA EXAMPLES: PERSON HOURS REQURED TO RERAIR DEFECTS IN THIS STAGE

Why Developers Need Static Analysis Tools

shared by LaurenGaynor on Aug 12
341 views
1 share
0 comments
The point of this infographic was to communicate in a fun & funky way, the benefits that software developers will get from using source code analysis (aka static analysis) tools offered by Klocwork.

Source

Unknown. Add a source

Category

Technology
Did you work on this visual? Claim credit!

Get a Quote

Embed Code

For hosted site:

Click the code to copy

For wordpress.com:

Click the code to copy
Customize size