Friday, May 22, 2009

Whitepaper Excerpt: The Benefits of Source Code Analysis

I recently authored a whitepaper focused on how companies can succeed with their source code analysis efforts -- most importantly to match their source code analysis efforts with whatever their business-focused goals are. We at Code Integrity Solutions have seen dozens to hundreds of deployments. We have taken what we consider the best practices and put the information in a whitepaper. If you are interested in getting a copy of the whitepaper, please contact us at I included an introductory excerpt below:

What is Static Source Code Analysis

Source code analysis, sometimes known as static analysis, is a technology that uses sophisticated algorithms to analyze source code (such as C, C++, Java and C# code) and report on findings. Typically, source code analysis (hereby known as SCA) is performed to find defects or security vulnerabilities in source code or provide structural information on the architecture of the code. Many modern SCA tools can analyze all the paths in the code providing significantly more coverage than traditional dynamic testing tools.

What are the Benefits of SCA
Finding defects and vulnerabilities in source code enables software development organizations to develop better quality, more secure software cheaper. Finding and fixing a bug in the development process can be 100 times cheaper than having the bug slip through to production. SCA doesn’t require test cases (since it doesn’t operate on running code), can report hundreds and thousands of defects in a short amount of time and can report problems right in the source code, making it easier for software developers to fix.

Many organizations have used SCA to greatly improve the quality and security of released code. The business benefits include:

Better Engineering Efficiency
• increased developer productivity

• faster time to market
• better trained developers who write better quality code as part of the development process
• more maintainable code

• adherence to industry standards

• compliance to government standards such as FDA requirements

Minimized Risk
• decreased quality and security risk

• increased confidence in offshore or outsourced code
• increased confidence in third party licensed code

Lower Business Cost
• lower cost of recalls, returns

• lower support costs, field issues
• increased customer satisfaction
• increased renewals

Stronger marketing claims
• higher availability and uptime statistics

• fewer security vulnerabilities

Just to name a few. In our next post, we'll talk about some of the challenges!

No comments:

Post a Comment