This presentation reviews recent developments in code analysis as well as the history of static analysis in commercial software and its evolution in the academic world. It provides an overview of the current commercial landscape, and conclude with best practices for organizations looking to bring static analysis into their software development environment and software testing practices.
Historically, static code analysis has been widely used to identify defined sets of security issues via overnight runs across entire code bases. A recent trend has been the evolution of static analysis methods and tools to:
1. become much more scalable and
2. leverage machine learning to substantially improve code quality.
These improvements allow a much tighter integration of these software quality assurances practices into modern agile development processes. At the same time, the scope of these code analysis tools has broadened from purely security-relevant bugs to performance and reliability issues like memory leaks and data races. Google and Facebook have pioneered a new model of static analysis deployment that involves improving developer productivity via broad deployment of extremely scalable static analysis (billions of lines of code / thousands of commits per day).
Video producer: https://gotocph.com/