SlideShare a Scribd company logo
1 of 48
Source Code Analysis in an Agile World,[object Object],Todd Landry – Senior Product Manager,[object Object]
About Me,[object Object],13+ years in Product Management,[object Object],Klocwork PM for 2+ years,[object Object],Worked with multiple Agile teams,[object Object],Certified Scrum Product Owner,[object Object],Contact Info:,[object Object],EMAIL: todd.landry@klocwork.com,[object Object],TWITTER: http://twitter.com/todd_landry,[object Object],BLOG: http://www.klocwork.com/blog,[object Object]
Before We Get Started	,[object Object],Not a sales pitch,[object Object],Intended as an educational session,[object Object],Provides a high level overview of Agile and Static Code analysis,[object Object],Understand how they can work together,[object Object]
Agenda  ,[object Object],Agile Overview,[object Object],Introducing Static Code Analysis ,[object Object],Adopting tools into Agile,[object Object],How Klocwork Fits in Agile,[object Object],Summary,[object Object],Questions,[object Object]
Agile Adoption Has Reached Mainstream Proportions,[object Object],“Please select the methodology that most closely reflects the development process you are currently using.”  (select only one),[object Object],Source: Forrester/Dr. Dobb’s Global Developer Technographics® Survey, Q3 2009  |  Forrester Research, Inc.,[object Object]
Who Uses Agile?,[object Object],Software organizations everywhere,[object Object],Aerospace: Raytheon, Northrup Grumman,[object Object],Automotive: GM, DaimlerChrysler,[object Object],Banking: Merrill Lynch & Co., T. Rowe Price Group,[object Object],Communications: Verizon Wireless, SBC,[object Object],...,[object Object]
Why Agile? What’s Wrong With Waterfall ?,[object Object],Nothing really, still the most widely used development methodology today,[object Object],Most predictable of all methods...you know (for the most part), what you’re getting and approximately when,[object Object],Well documented set of requirements (and most everything else),[object Object],Structured approach (not chaos like those Agile-guys),[object Object],However, there are drawbacks,[object Object],Commitments are made early on, and are difficult and costly to change ,[object Object],Not always sure you will meet the market needs at release time,[object Object],Risk is pushed to the end of the development period during testing phases,[object Object],Hard to react to problems when so late in the development process,[object Object]
Why Agile?,[object Object],Visibility - stakeholder collaboration and validation throughout the development life-cycle ,[object Object],Value - continuous delivery of much more measurable business value ,[object Object],Adaptability - the ability to rapidly respond to changes in strategy, priorities, and plans ,[object Object],Risk - the reduction in aggregate project risk as a result of #1-3 above,[object Object],So what is Agile development?,[object Object]
Introduction To Agile,[object Object],Agile first surfaced in mid-1990’s,[object Object],Reaction to waterfall development ,[object Object],Bureaucratic, slow, and inconsistent with the ways that software developers actually perform effective work,[object Object],Different ‘types’ of Agile,[object Object],Scrum,[object Object],XP,[object Object],Feature driven development,[object Object],Lean development,[object Object],Adaptive Software Development,[object Object],Dynamic Systems Development Method (DSDM),[object Object],Kanban,[object Object]
SCA in an Agile World | June 2010
Agile Manifesto Summarized,[object Object],Agile development is an approach,[object Object],Continuous and rapid delivery of working software,[object Object],Embrace change,[object Object],Collaboration and communication,[object Object],All about the Team,[object Object],Simplicity,[object Object]
Agile vs. Waterfall,[object Object],Waterfall Development,[object Object],Agile Development,[object Object],Verification,[object Object],Implementation,[object Object],Maintenance,[object Object],Design,[object Object],Requirements,[object Object],x months/years,[object Object],2-4 weeks,[object Object]
Typical Agile Process,[object Object],24 h,[object Object],2-4 Weeks,[object Object],Product Backlog,[object Object],Iteration Backlog,[object Object],Iteration,[object Object],Working Increment of the software,[object Object]
The Iteration,[object Object],Verification,[object Object],Implementation/,[object Object],Development,[object Object],Design,[object Object],Deployment/,[object Object],Maintenance,[object Object]
What Happens with Bugs in Agile?,[object Object],During the iteration, bug fixes are addressed before any new feature/task is started,[object Object],At the end of an iteration, any outstanding bugs typically go to the top of the list for the next iteration,[object Object],New features are not started until all bugs are fixed,[object Object],Schedule starts to slip,[object Object],Morale can decline,[object Object],BACKLOG,[object Object],Awesome Feature 1,[object Object],Cool Feature 2,[object Object],Cool Feature 3,[object Object]
SCA in an Agile World | June 2010
Introduction toSource Code Analysis,[object Object]
Source Code Analysis (SCA) – The Basics,[object Object],What is source code analysis?,[object Object],The analysis of computer software (source code) that is performed without actually executing programs built from that software.,[object Object],Automated code analysis technology finds weaknesses in source code ,[object Object],Logic errors and implementation defects,[object Object],Security vulnerabilities,[object Object],Architecture validity,[object Object],Concurrency violations and rare boundary conditions ,[object Object],Software metrics generation and management,[object Object],Distinct from more traditional dynamic analysis techniques, such as unit or penetration tests,[object Object],Underlying technology is called static analysis,[object Object],Work is performed at build time using only the source code of the program or module,[object Object],Complete view of every possible execution path, rather than an aspect of observed runtime behavior,[object Object],Confidential,[object Object]
SCA – A History Lesson,[object Object],1st Generation SCA,[object Object],2nd Generation SCA,[object Object],3rd Generation SCA,[object Object],1970’s,[object Object],2000,[object Object],Today,[object Object]
Source Code Analysis - Historical perspective,[object Object],Lint was invented as a developer’s tool,[object Object],Lots of problems with the model,[object Object],Noise, inaccuracies, too-small a locality of reference,[object Object],But it was always intended to “just give better compiler errors to the developer”,[object Object],Seen by developers as “opt-in” and “mine”,[object Object],What was Lint doing?,[object Object],Scanning, initially,[object Object],Looking for “known aberrant” problems with C,[object Object],Missing / extra semi-colons,[object Object],Missing curlicues,[object Object],Potentially dangerous implicit casts,[object Object]
SCA – A History Lesson,[object Object],1st Generation SCA,[object Object],2nd Generation SCA,[object Object],3rd Generation SCA,[object Object],1970’s,[object Object],2000,[object Object],Today,[object Object]
Source Code Analysis - Historical perspective,[object Object],2nd generation static analysis provided better core analysis capabilities that extended beyond syntactical and semantic analyses to include:,[object Object],Sophisticated inter-procedural, control- and data-flow analysis ,[object Object],New approaches for pruning false paths,[object Object],Estimating the values that variables will assume,[object Object],Simulating potential runtime behavior,[object Object],Moved away from being a developer tool,[object Object],In order to produce good analysis, must do it at integration build,[object Object],So it’s not part of the developer’s workflow, it’s asynchronous,[object Object],So when a bug is found it’s too late,[object Object],The developer is already on some other task and must be dragged back,[object Object]
What kind of bugs?,[object Object],Local bugs vs. inter-procedural bugs,[object Object],Local bugs are “easier” to find, and certainly easier to understand,[object Object],Picture “slapping head”,[object Object],Inter-procedural bugs are the big payoffs,[object Object],Difficult for different developers working on projects to deal with each other’s code rationally,[object Object],Lots of fingers in lots of pies = lots (and lots) of bugs,[object Object],What kinds of bugs?,[object Object],Resource management,[object Object],Pointer management (and yes, this means Java too),[object Object],Security vulnerabilities (injections, overflows, naivety, stupidity, …),[object Object],Concurrency,[object Object]
The Costs of Bug Containment,[object Object],2nd Generation Source Code Analysis,[object Object],Confidential,[object Object]
SCA – A History Lesson,[object Object],1st Generation SCA,[object Object],2nd Generation SCA,[object Object],3rd Generation SCA,[object Object],1970’s,[object Object],2000,[object Object],Today,[object Object]
3rd Generation Source Code Analysis,[object Object],Deliver 2nd generation analysis capabilities right to the developer desktop,[object Object],Focus on enabling the developer, not blaming them,[object Object],If the tool is “mine” I’m more likely to use it when I’m in process,[object Object],If I use it in process, I’ll find and understand the bugs more quickly,[object Object],If I understand the bugs, I’ll fix them faster,[object Object],If I fix the bugs, the code stream isn’t polluted,                                                     my QA time isn’t wasted, and my product gets better,[object Object],Bottom line,[object Object],Don’t check in code that doesn’t work!,[object Object],Build defensive coding into the organization from the                                  ground up,[object Object],Narrow the gap between the rock stars and the interns,[object Object],Make a better product,[object Object]
The Costs of Bug Containment,[object Object],2nd Generation Source Code Analysis,[object Object],Confidential,[object Object]
The Costs of Bug Containment,[object Object],3rd Generation Source Code Analysis,[object Object],2nd Generation Source Code Analysis,[object Object],Confidential,[object Object]
The Iteration with SCA,[object Object],Verification,[object Object],Implementation/,[object Object],Development,[object Object],Design,[object Object],Deployment/,[object Object],Maintenance,[object Object]
SCA in an Agile World | June 2010
SCA in an Agile World | June 2010
Adopting Tools for Agile,[object Object]
Agile team members,[object Object],Developers have their feet under the table now,[object Object],Provide input on what’s being done,[object Object],Determine whether it makes sense,[object Object],Agile tools tend to cater to the process of teaming,[object Object],Product manager tools,[object Object],Project manager tools,[object Object],Time management tools,[object Object],Customer relationship tools,[object Object],So where do we come in?,[object Object],None of these tools are targeted at the developer,[object Object]
There are very few developer tools…,[object Object],Continuous integration,[object Object],OK, but is that all there is?,[object Object],CI helps out with the production process,[object Object],Where are the tools for actual development?,[object Object],Some IDEs / languages are awesome,[object Object],Java, Ruby, Python, all great productive languages,[object Object],C/C++, not so much,[object Object],Agile isn’t just web pages and prototypes,[object Object],Mission critical applications are being developed using Agile now,[object Object],And they use those unpleasant languages.,[object Object]
Agile developer tools?,[object Object],We all know that Agile isn’t about tools, we’ve all read it,[object Object],First thing the manifesto breaks out,[object Object],“Individuals and interactions over processes and tools”,[object Object],Times have changed…so have the tools…,[object Object],What kind of tools could help Agile developers?,[object Object],Architectural coherence and sustainability,[object Object],Refactoring support,[object Object],Organic peer review,[object Object]
How Does Klocwork Help?,[object Object]
Klocwork Agile Desktop	,[object Object],Early Defect Detection,[object Object],Collaborative Mitigation,[object Object],Refactoring,[object Object],Code Review,[object Object]
Find Defects Really Early,[object Object],Agile requires a product every iteration,[object Object],If you don’t hit that milestone, then you fix first, implement later in the next iteration,[object Object],The worse it gets, the more bug debt you accumulate,[object Object],Velocity deteriorates the further into the project you get,[object Object],Bug debt kills projects,[object Object],Low velocity  Low morale  Angry (or at best skeptical) customers,[object Object],Until, finally… “This process doesn’t work!”,[object Object],So fix early, fix often,[object Object],Maintain high quality, low bug debt, high velocity,[object Object]
Klocwork in Visual Studio,[object Object]
Keep Everyone in the Loop,[object Object],Short iterations require rapid communication,[object Object],Klocwork provides collaborative mitigation for all reported issues,[object Object],Developers can change the status/add comments for these issues,[object Object],Status changes and added comments are automatically synchronized with other developers,[object Object],No duplication of issue fixes,[object Object],Complex bugs can be worked on/tracked as a team,[object Object]
Refactoring…OK, but why?,[object Object],Refactoring = The process of simplifying and clarifying code without changing the program’s behaviour,[object Object],Well established practice in the Agile development process,[object Object],Developers do this all the time…but it’s hard to do,[object Object],Need ways to do this faster, more efficiently,[object Object],Anything that has a lifecycle to it needs to be created thinking of the future,[object Object],In a development team, the future frequently means different people,[object Object],Make the code you’re creating as simple to inherit as possible,[object Object],So refactor early, refactor often,[object Object]
Refuctoring,[object Object],Refuctoring is the process of taking a well designed piece of code and, through a series of small, reversible changes, making it completely unmaintainable by anyone other than yourself,[object Object],Common refuctorings include:,[object Object],Pig Latin (for naming conventions),[object Object],Treasure hunt,[object Object],Rainy day module,[object Object],Developer foxhole,[object Object],The Waterfall Alliance,[object Object]
Code Review,[object Object],Almost always part of the development process, but is:,[object Object],Time consuming,[object Object],Belittling,[object Object],Boring,[object Object],Embarrassing,[object Object]
Code Reviews – Mandatory,[object Object],“To what extent are code reviews a part of your regular release cycle?”,[object Object],87%,[object Object],Source: A commissioned study conducted by Forrester Consulting on behalf of Klocwork, February 2010,[object Object]
Klocwork Inspect,[object Object],So how have we changed code reviews?,[object Object],Organic, bottom-up, rather than imposed, top-down,[object Object],Peer-based, not hierarchical,[object Object],Early and often, not after the fact,[object Object],Asynchronous, rather than “around the table”,[object Object],Defects found through SCA integrated into the code review,[object Object],Don’t bring the person to the review, bring the review to the person,[object Object]
How much can Klocwork help? Some examples...,[object Object],2 week iteration & 10 person team,[object Object],5 stories – 300LOC/story,[object Object],Real world customer ROI examples…,[object Object],Lawrence Livermore saved $200,000 on 365 KLOC project,[object Object],Motorola reduced # of issues found at System Test by 50%,[object Object],Mentor Graphics found 1000 bugs with no involvement from testing,[object Object]
All Good Stuff...But	,[object Object],There needs to be a balance,[object Object],Tools must help develop better code, and not hinder individual interaction   ,[object Object],Tools must do the job with minimal effort, and minimal side effects,[object Object],Be flexible...Fit the tool to the team, not the team to the tool...otherwise you’re toast!      ,[object Object]
Summary,[object Object],Agile is a development methodology,[object Object],Many different flavours...Klocwork can help in all of them,[object Object],Klocwork provides tools for the developer,[object Object],Finding issues as early as possible in the SDLC eliminating costly rework,[object Object],Allowing near-real time collaboration on issues,[object Object],Allowing users to refactor their code for better consistency,[object Object],Provide a non-intrusive process for a critical (but painful) component of software development...the code review,[object Object]

More Related Content

What's hot

Waste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia MeetupWaste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia MeetupLemi Orhan Ergin
 
Fighting with Waste Driven Development - XP Days Ukraine 2017
Fighting with Waste Driven Development - XP Days Ukraine 2017Fighting with Waste Driven Development - XP Days Ukraine 2017
Fighting with Waste Driven Development - XP Days Ukraine 2017Lemi Orhan Ergin
 
Digital transformation testing.
Digital transformation testing. Digital transformation testing.
Digital transformation testing. Deepak Daniel
 
Solving the 3 Biggest Questions in Continuous Testing
Solving the 3 Biggest Questions in Continuous TestingSolving the 3 Biggest Questions in Continuous Testing
Solving the 3 Biggest Questions in Continuous TestingPerfecto by Perforce
 
Clean Software Design: The Practices to Make The Design Simple
Clean Software Design: The Practices to Make The Design SimpleClean Software Design: The Practices to Make The Design Simple
Clean Software Design: The Practices to Make The Design SimpleLemi Orhan Ergin
 
How to Embed Codeless Test Automation Into DevOps
How to Embed Codeless Test Automation Into DevOpsHow to Embed Codeless Test Automation Into DevOps
How to Embed Codeless Test Automation Into DevOpsPerfecto by Perforce
 
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard WorkTaming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard WorkJoseph Yoder
 
Agile archiecture iltam 2014
Agile archiecture   iltam 2014Agile archiecture   iltam 2014
Agile archiecture iltam 2014Dani Mannes
 
Evolution of Agile Testing
Evolution of Agile TestingEvolution of Agile Testing
Evolution of Agile TestingOdd-e
 
Unwritten Manual for Pair Programming
Unwritten Manual for Pair ProgrammingUnwritten Manual for Pair Programming
Unwritten Manual for Pair ProgrammingLemi Orhan Ergin
 
Waterfallacies V1 1
Waterfallacies V1 1Waterfallacies V1 1
Waterfallacies V1 1Jorge Boria
 
Agile vs. DevOps for Continuous Testing: How to Optimize Your Pipeline
Agile vs. DevOps for Continuous Testing: How to Optimize Your PipelineAgile vs. DevOps for Continuous Testing: How to Optimize Your Pipeline
Agile vs. DevOps for Continuous Testing: How to Optimize Your PipelinePerfecto by Perforce
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous IntegrationPreetam Palwe
 
Evolution of Software Engineering in NCTR Projects
Evolution of Software Engineering in NCTR  Projects   Evolution of Software Engineering in NCTR  Projects
Evolution of Software Engineering in NCTR Projects Mohammed Abbas
 
10 Faulty Behaviors of Code Review - Developer Summit Istanbul 2018
10 Faulty Behaviors of Code Review - Developer Summit Istanbul 201810 Faulty Behaviors of Code Review - Developer Summit Istanbul 2018
10 Faulty Behaviors of Code Review - Developer Summit Istanbul 2018Lemi Orhan Ergin
 
Behavior Driven Development—A Guide to Agile Practices by Josh Eastman
Behavior Driven Development—A Guide to Agile Practices by Josh EastmanBehavior Driven Development—A Guide to Agile Practices by Josh Eastman
Behavior Driven Development—A Guide to Agile Practices by Josh EastmanQA or the Highway
 
Tdd 4 everyone full version
Tdd 4 everyone full versionTdd 4 everyone full version
Tdd 4 everyone full versionLior Israel
 
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarRisk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarQASymphony
 

What's hot (20)

Waste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia MeetupWaste Driven Development - Agile Coaching Serbia Meetup
Waste Driven Development - Agile Coaching Serbia Meetup
 
Fighting with Waste Driven Development - XP Days Ukraine 2017
Fighting with Waste Driven Development - XP Days Ukraine 2017Fighting with Waste Driven Development - XP Days Ukraine 2017
Fighting with Waste Driven Development - XP Days Ukraine 2017
 
Digital transformation testing.
Digital transformation testing. Digital transformation testing.
Digital transformation testing.
 
Solving the 3 Biggest Questions in Continuous Testing
Solving the 3 Biggest Questions in Continuous TestingSolving the 3 Biggest Questions in Continuous Testing
Solving the 3 Biggest Questions in Continuous Testing
 
Clean Software Design: The Practices to Make The Design Simple
Clean Software Design: The Practices to Make The Design SimpleClean Software Design: The Practices to Make The Design Simple
Clean Software Design: The Practices to Make The Design Simple
 
How to Embed Codeless Test Automation Into DevOps
How to Embed Codeless Test Automation Into DevOpsHow to Embed Codeless Test Automation Into DevOps
How to Embed Codeless Test Automation Into DevOps
 
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard WorkTaming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
Taming Big Balls of Mud with Diligence, Agile Practices, and Hard Work
 
Agile archiecture iltam 2014
Agile archiecture   iltam 2014Agile archiecture   iltam 2014
Agile archiecture iltam 2014
 
agile vs. traditional methodologies
agile vs. traditional methodologies agile vs. traditional methodologies
agile vs. traditional methodologies
 
Evolution of Agile Testing
Evolution of Agile TestingEvolution of Agile Testing
Evolution of Agile Testing
 
Unwritten Manual for Pair Programming
Unwritten Manual for Pair ProgrammingUnwritten Manual for Pair Programming
Unwritten Manual for Pair Programming
 
Waterfallacies V1 1
Waterfallacies V1 1Waterfallacies V1 1
Waterfallacies V1 1
 
Agile vs. DevOps for Continuous Testing: How to Optimize Your Pipeline
Agile vs. DevOps for Continuous Testing: How to Optimize Your PipelineAgile vs. DevOps for Continuous Testing: How to Optimize Your Pipeline
Agile vs. DevOps for Continuous Testing: How to Optimize Your Pipeline
 
Agile Engineering Practices
Agile Engineering PracticesAgile Engineering Practices
Agile Engineering Practices
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
 
Evolution of Software Engineering in NCTR Projects
Evolution of Software Engineering in NCTR  Projects   Evolution of Software Engineering in NCTR  Projects
Evolution of Software Engineering in NCTR Projects
 
10 Faulty Behaviors of Code Review - Developer Summit Istanbul 2018
10 Faulty Behaviors of Code Review - Developer Summit Istanbul 201810 Faulty Behaviors of Code Review - Developer Summit Istanbul 2018
10 Faulty Behaviors of Code Review - Developer Summit Istanbul 2018
 
Behavior Driven Development—A Guide to Agile Practices by Josh Eastman
Behavior Driven Development—A Guide to Agile Practices by Josh EastmanBehavior Driven Development—A Guide to Agile Practices by Josh Eastman
Behavior Driven Development—A Guide to Agile Practices by Josh Eastman
 
Tdd 4 everyone full version
Tdd 4 everyone full versionTdd 4 everyone full version
Tdd 4 everyone full version
 
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony WebinarRisk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
Risk Mitigation Using Exploratory and Technical Testing | QASymphony Webinar
 

Viewers also liked

Improving Development Productivity: Static Analysis and Continuous Integration
Improving Development Productivity: Static Analysis and Continuous IntegrationImproving Development Productivity: Static Analysis and Continuous Integration
Improving Development Productivity: Static Analysis and Continuous IntegrationKlocwork
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Klocwork
 
Code Review | 2010
Code Review | 2010Code Review | 2010
Code Review | 2010Klocwork
 
Advanced Architecture Analysis | January 2010
Advanced Architecture Analysis | January 2010Advanced Architecture Analysis | January 2010
Advanced Architecture Analysis | January 2010Klocwork
 
Klocwork_Detected_Java_Defects
Klocwork_Detected_Java_DefectsKlocwork_Detected_Java_Defects
Klocwork_Detected_Java_DefectsAbrarMoiz
 
Using static analysis tools within continuous integration systems
Using static analysis tools within continuous integration systemsUsing static analysis tools within continuous integration systems
Using static analysis tools within continuous integration systemsRogue Wave Software
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerLuminary Labs
 

Viewers also liked (8)

Improving Development Productivity: Static Analysis and Continuous Integration
Improving Development Productivity: Static Analysis and Continuous IntegrationImproving Development Productivity: Static Analysis and Continuous Integration
Improving Development Productivity: Static Analysis and Continuous Integration
 
Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009Introducing: Klocwork Insight Pro | November 2009
Introducing: Klocwork Insight Pro | November 2009
 
Code Review | 2010
Code Review | 2010Code Review | 2010
Code Review | 2010
 
Advanced Architecture Analysis | January 2010
Advanced Architecture Analysis | January 2010Advanced Architecture Analysis | January 2010
Advanced Architecture Analysis | January 2010
 
Klocwork_Detected_Java_Defects
Klocwork_Detected_Java_DefectsKlocwork_Detected_Java_Defects
Klocwork_Detected_Java_Defects
 
Using static analysis tools within continuous integration systems
Using static analysis tools within continuous integration systemsUsing static analysis tools within continuous integration systems
Using static analysis tools within continuous integration systems
 
Study: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving CarsStudy: The Future of VR, AR and Self-Driving Cars
Study: The Future of VR, AR and Self-Driving Cars
 
Hype vs. Reality: The AI Explainer
Hype vs. Reality: The AI ExplainerHype vs. Reality: The AI Explainer
Hype vs. Reality: The AI Explainer
 

Similar to SCA in an Agile World | June 2010

Peer Code Review An Agile Process
Peer Code Review An Agile ProcessPeer Code Review An Agile Process
Peer Code Review An Agile Processgsporar
 
Agile And Open Development
Agile And Open DevelopmentAgile And Open Development
Agile And Open DevelopmentRoss Gardler
 
Markus Clermont - Surviving in an Agile Environment - Google - SoftTest Ireland
Markus Clermont - Surviving in an Agile Environment - Google - SoftTest IrelandMarkus Clermont - Surviving in an Agile Environment - Google - SoftTest Ireland
Markus Clermont - Surviving in an Agile Environment - Google - SoftTest IrelandDavid O'Dowd
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software EngineeringSibel Kuzgun AKIN
 
Agile Software Development Overview
Agile Software Development OverviewAgile Software Development Overview
Agile Software Development Overviewsunilkumar_
 
SAD07 - Project Management
SAD07 - Project ManagementSAD07 - Project Management
SAD07 - Project ManagementMichael Heron
 
Agile intro resources
Agile intro resourcesAgile intro resources
Agile intro resourcesAnwar Sadat
 
Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsMohamed Samy
 
Software development process basic
Software development process basicSoftware development process basic
Software development process basicAnurag Tomar
 
Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011
Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011
Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011TEST Huddle
 
A Lap Around Visual Studio 2010
A Lap Around Visual Studio 2010A Lap Around Visual Studio 2010
A Lap Around Visual Studio 2010adrian8three
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAdam Stephensen
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseJames Wickett
 
The Development Of Software Development
The Development Of Software DevelopmentThe Development Of Software Development
The Development Of Software DevelopmentMelissa Luster
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged James Wickett
 
Why Agile? Why Now? IPMA Forum 2009
Why Agile? Why Now?   IPMA Forum 2009Why Agile? Why Now?   IPMA Forum 2009
Why Agile? Why Now? IPMA Forum 2009skipangel
 
Agile Engineering
Agile EngineeringAgile Engineering
Agile EngineeringJohn Lewis
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Part5 -  enforcing coding standard and best practices with jas forge v1.0Part5 -  enforcing coding standard and best practices with jas forge v1.0
Part5 - enforcing coding standard and best practices with jas forge v1.0Jasmine Conseil
 
Agile: Developing Software at the Pace of Information
Agile: Developing Software at the Pace of InformationAgile: Developing Software at the Pace of Information
Agile: Developing Software at the Pace of InformationInnoTech
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)Hui (Henry) Chen
 

Similar to SCA in an Agile World | June 2010 (20)

Peer Code Review An Agile Process
Peer Code Review An Agile ProcessPeer Code Review An Agile Process
Peer Code Review An Agile Process
 
Agile And Open Development
Agile And Open DevelopmentAgile And Open Development
Agile And Open Development
 
Markus Clermont - Surviving in an Agile Environment - Google - SoftTest Ireland
Markus Clermont - Surviving in an Agile Environment - Google - SoftTest IrelandMarkus Clermont - Surviving in an Agile Environment - Google - SoftTest Ireland
Markus Clermont - Surviving in an Agile Environment - Google - SoftTest Ireland
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 
Agile Software Development Overview
Agile Software Development OverviewAgile Software Development Overview
Agile Software Development Overview
 
SAD07 - Project Management
SAD07 - Project ManagementSAD07 - Project Management
SAD07 - Project Management
 
Agile intro resources
Agile intro resourcesAgile intro resources
Agile intro resources
 
Introducing Continuous Integration Using Vsts
Introducing Continuous Integration Using VstsIntroducing Continuous Integration Using Vsts
Introducing Continuous Integration Using Vsts
 
Software development process basic
Software development process basicSoftware development process basic
Software development process basic
 
Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011
Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011
Ben Walters - Creating Customer Value With Agile Testing - EuroSTAR 2011
 
A Lap Around Visual Studio 2010
A Lap Around Visual Studio 2010A Lap Around Visual Studio 2010
A Lap Around Visual Studio 2010
 
Agile & DevOps - It's all about project success
Agile & DevOps - It's all about project successAgile & DevOps - It's all about project success
Agile & DevOps - It's all about project success
 
DevOps for Defenders in the Enterprise
DevOps for Defenders in the EnterpriseDevOps for Defenders in the Enterprise
DevOps for Defenders in the Enterprise
 
The Development Of Software Development
The Development Of Software DevelopmentThe Development Of Software Development
The Development Of Software Development
 
DevOps for the Discouraged
DevOps for the Discouraged DevOps for the Discouraged
DevOps for the Discouraged
 
Why Agile? Why Now? IPMA Forum 2009
Why Agile? Why Now?   IPMA Forum 2009Why Agile? Why Now?   IPMA Forum 2009
Why Agile? Why Now? IPMA Forum 2009
 
Agile Engineering
Agile EngineeringAgile Engineering
Agile Engineering
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Part5 -  enforcing coding standard and best practices with jas forge v1.0Part5 -  enforcing coding standard and best practices with jas forge v1.0
Part5 - enforcing coding standard and best practices with jas forge v1.0
 
Agile: Developing Software at the Pace of Information
Agile: Developing Software at the Pace of InformationAgile: Developing Software at the Pace of Information
Agile: Developing Software at the Pace of Information
 
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
NYIT DSC/ Spring 2021 - Introduction to DevOps (CI/CD)
 

Recently uploaded

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServiceRenan Moreira de Oliveira
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 

Recently uploaded (20)

Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer ServicePicPay - GenAI Finance Assistant - ChatGPT for Customer Service
PicPay - GenAI Finance Assistant - ChatGPT for Customer Service
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 

SCA in an Agile World | June 2010

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.

Editor's Notes

  1. Introduce variable = introducewayariablevayRename = enameray
  2. Good chance to wrap-up and pitch the ROI. Mention that as the customer goes through the POC w/ Klocwork we’ll develop an ROI based on their defect data & assumptions.Assumptions:10 person team (fairly standard size), 2 week iterations, 5 stories/iteration based on experience with various teams/customers, each story creates about 300 LOCBug Detection:Based on data from our customer base, SCA finds approximately 3 bugs for every 1000 LOC. In a case study (from Johns Hopkins...which isn’t yet available, so don’t quote), this customer determined that by using SCA (Klocwork) they were able to save 4 hours/bug.Developers now have an additional 18 hours/iteration to work on new stories rather than fixing defects.Refactoring:Refactoring is all about making your code more inheritable for the next developer who may work on it. In this case, the savings is small per developer, about ¼ of an hour.Developers now have an additional 12.5 hours to work on stories, since they are able to understand the intent of the code quickly.Code Review:Assumption – Code review includes 4 developers in a 1 hour meeting (for a total of 4 developer hours)In a study done at the Royal Military College of Canada, it was determined that developers were 50% more efficient when allowed to review code when/where they wanted to (i.e. Reading it on their desktop) than by performing the same code review in a meeting. Developers now have an additional 10 hours to work on productive development activities.Real world ROI examplesLLNL - http://www.nxtbook.com/nxtbooks/sqe/bettersoftware0708/index.php?startid=36Moto – from Motorola case study http://www.klocwork.com/resources/case-study/motorolaMentor – from Kevin Pendleton customer quote