SLIDE 1
GenevaJug
Quality metrics: Nutritional Labels for Code
- G. Ann Campbell
@GAnnCampbell
Quality metrics: Nutritional Labels for Code G. Ann Campbell - - PowerPoint PPT Presentation
Quality metrics: Nutritional Labels for Code G. Ann Campbell - - PowerPoint PPT Presentation
Quality metrics: Nutritional Labels for Code G. Ann Campbell @GAnnCampbell GenevaJug Why is this important? Software is Everywhere Software is everywhere https://www.lifewire.com/the-8-best-smart-home-products-4034624 Software is everywhere
SLIDE 2
SLIDE 3
Software is everywhere
https://www.lifewire.com/the-8-best-smart-home-products-4034624
SLIDE 4
Software is everywhere
https://www.lifewire.com/the-8-best-smart-home-products-4034624
SLIDE 5
Software is everywhere
https://www.lifewire.com/the-8-best-smart-home-products-4034624
SLIDE 6
Software is everywhere
http://www.makeuseof.com/tag/9-stupidest-smart-home-appliances/
SLIDE 7
Software is everywhere
https://www.wareable.com/smart-home/best-smart-kitchen-devices
SLIDE 8
Software is everywhere
http://www.makeuseof.com/tag/9-stupidest-smart-home-appliances/
SLIDE 9
Software is everywhere
SLIDE 10
Software is everywhere
SLIDE 11
Software is everywhere
SLIDE 12
Software is written by people
People make mistakes
SLIDE 13
http://www.theverge.com/2017/1/10/14225716/apple-macbook-pro-consumer-reports-battery-life-issue-update-bug
SLIDE 14
http://www.sciencealert.com/a-bug-in-fmri-software-could-invalidate-decades-of-brain-research-scientists-discover
SLIDE 15
https://www.theregister.co.uk/2016/07/13/coding_error_costs_citigroup_7m/
SLIDE 16
https://www.bleepingcomputer.com/news/security/about-90-percent-of-smart-tvs-vulnerable-to-remote-hacking-via-rogue-tv-signals/
SLIDE 17
https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/
SLIDE 18
https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/
SLIDE 19
http://www.softwaretestingnews.co.uk/hackers-exploit-software-bug-breach-canadian-government-agency-site/
SLIDE 20
http://www.bbc.com/news/technology-35167191
SLIDE 21
http://news.softpedia.com/news/medical-equipment-crashes-during-heart-procedure-because-of-antivirus-scan-503642.shtml
SLIDE 22
http://www.safetyresearch.net/blog/articles/toyota-unintended-acceleration-and-big-bowl-%E2%80%9Cspaghetti%E2%80%9D-code http://www.edn.com/design/automotive/4423428/Toyota-s-killer-firmware--Bad-design-and-its-consequences
SLIDE 23
Great.
We’re doomed
SLIDE 24
Not necessarily...
SLIDE 25
Food is everywhere too
SLIDE 26
And it can be a minefield
SLIDE 27
Nutrition labels
SLIDE 28
Nutrition labels
SLIDE 29
Static analysis
- Analyze code without executing it
- Used to find
○ Bugs ○ Bad coding practices ○ Vulnerabilities (some)
- Easy to integrate into the build process
- Wikipedia lists 30+ static analysis tools
SLIDE 30
Full disclosure
I work for SonarSource
SLIDE 31
SonarQube Quality Model
https://next.sonarqube.com/sonarqube/projects
SLIDE 32
Nutrition Labels for Code
Static Analysis
Reliability Vulnerability Maintainability
D E B
SLIDE 33
Nutrition Labels for Code
https://sonarqube.com
SLIDE 34
Why
- Analyze: If you measure it you can
improve it
- Publish: Positive peer pressure => more
publishing
- Improve: Competition => Rising tide of
improved quality
SLIDE 35
Will Consumers ‘Get it’?
- Not at first
- Simple format will help
- So will correlation in news
coverage
SLIDE 36
Recap
- Software is everywhere
- Software quality is a black box
- Publishing static analysis results
=> glass box
- Glass box => better software
SLIDE 37
@GAnnCampbell
SLIDE 38