development testing

2 articles

Detecting security problems – using static analysis to catch them early and less expensively

By Bill Graham

In my previous post I discussed the potential benefits in quality and costs that static analysis brings to software development. In addition to common coding errors, many of the bugs found by static analysis are potential security defects as well. Buffer overflow, OS command injection, unrestricted string format and integer overflows are among the top 25 most dangerous security coding defects…

Using Static Analysis to Improve Product Quality, Earlier and Cheaper

By Bill Graham

Fixing bugs is expensive. Fixing bugs is more expensive the later you leave them; in fact, it's been shown to cost an order of magnitude higher with each major phase of development. The famous defect cost chart from Capers Jones shows the cost of a bug going from $25 at the coding phase to $16,000 in development. Not only that,…