Static Analysis Deployment Pitfalls
Author
Abstract
Organizational, political, and configuration mistakes in the deployment of a static source code analysis tool can eliminate most of its benefits, even while apparently meeting management goals. A list of pitfalls encountered as a static analysis consultant is presented, with discussion of techniques for avoiding or mitigating them. This article is part of a work in progress, tentatively entitled “Deploying Static Analysis.”
Similar resources
Architecture-Level Support for Software Component Deployment in Resource Constrained Environments
Software deployment comprises activities for installing or updating an already implemented software system. These activities include (1) deployment of a system onto a new host, (2) component upgrade in an existing system, (3) static analysis of the proposed system configuration, and (4) dynamic analysis of the configuration after the deployment. In this paper, we describe an approach that suppo...
Static Analysis for the PHP Language
This report presents the work that was done to implement a static analysis tool for the PHP programming language. The kind of analysis done by the compiler or by the multiple development environments is very limited. This tool aims at providing further feedback to a developer by checking for multiple bug conditions or misuses of the language and should reduce the risk of encountering fatal er...
Towards Adoption of DNSSEC: Availability and Security Challenges
DNSSEC deployment is long overdue; however, it seems to be finally taking off. Recent cache poisoning attacks motivate protecting DNS, with strong cryptography, rather than with challenge-response ‘defenses’. Our goal is to motivate and help correct DNSSEC deployment. We discuss the state of DNSSEC deployment, obstacles to adoption and potential ways to increase adoption. We then present a comp...
Measurements or Static Analysis or Both?
To date, measurement-based WCET analysis and static analysis have largely been seen as being at odds with each other. We argue that instead they should be considered complementary, and that the combination of both represents a promising approach that provides benefits over either individual approach. In this paper we discuss in some detail how we aim to improve on our probabilistic measurement-...
A Unified Approach for Static and Runtime Verification: Framework and Applications
Static verification of software is becoming ever more effective and efficient. Still, static techniques either have high precision, in which case powerful judgements are hard to achieve automatically, or they use abstractions supporting increased automation, but possibly losing important aspects of the concrete system in the process. Runtime verification has complementary strengths and weakness...