Tag: Quality

Eagle Investment Systems: Ensuring Software Quality & Security with Coverity

Eagle Investment Systems is a financial services technology firm. Our objective is to help our customers to grow their assets efficiently. We provide data management, accounting and performance solutions to a global client base and, as a result of being wholly owned by BNY Mellon, we can offer a number of different services from either an on premise …

The difference between software quality and security defects

Both quality and security defects are bugs, right?

They’re software defects at the end of the day.

It’s really the effect of those defects, and who can exploit them and in what way, that makes them a quality or security problem.

Now, I think developers tend to be less well trained on security as a group.

Quality problems, they tend to be able to recognize better and be able to fix better.

But ultimately these are code level problems and as such, I don’t think there’s really a clear line between the two.

If you look at many programs, and many programming languages, the exact same bug could be both a quality problem and a security problem.

And I think that blurring is not necessarily a bad thing, it’s a good thing, because it makes developers realize that they need to look at the quality and the security of the software together, in order to get it right.

Source: YouTube

Coverity and Synopsys: Providing Software Quality and Security

So as you heard Aart talk about in his keynote, about a month ago we signed an agreement to acquire Coverity that enters for us the Software Quality and Analysis measurement market.

You can see this is a large market.

It’s about 500 million dollars today according to IDC and growing pretty rapidly, about 20 percent per year.

The good news is that with this announcement, we enter this market as the leader.

So why is this market growing so rapidly?

Well I think it’s obvious to everyone that the role of software in the world is just dramatically exploding.

We see in our traditional customer base, and among the companies that are here at SNUG, many many companies are hiring more software engineers than hardware engineers today.

And then you look outside of the companies that are attending SNUG today, and many many industries are basically based on software.

Their main differentiation is on software.

They are essentially software companies, whether they are energy companies or retail companies or telecommunications companies or oil and gas companies.

It’s all built on a software infrastructure.

And if you think about software, it has really changed, how we’ve developed software, very much over the last 20 years.

Software is still developed more or less like cars were developed a hundred years ago.

We write the software.

We get in it, we drive it along and we wait for a wheel to fall off.

And when that happens, we figure out why the wheel fell off, slap it back on, get back in the car and go a little bit further down the road, and figure out why that wheel came off, etc. etc.

So this is great but it is really not going to work moving forward.

You see all the time the cost of software defects exploding.

As a matter of fact, this is probably one of the major items in the nightly news.

Now it has always been a problem.

All the way back in 1962, software was destroying spacecraft but back then, it was probably a yearly occurrence.

Now you can’t turn on the TV without learning about some major corporation that’s been embarrassed or practically destroyed or lost 10 percent of their revenue or lost a bunch of their market cap or lost 500 million dollars in just a few minutes because of some defect in software.

So it’s hard to say exactly how much this is really costing the world but there have been a couple of attempts.

Back in 2002, the National Institute of Standards estimated that software defects were costing the U.S. economy about 60 billion dollars at that time.

More recently Cambridge University, in 2011, came out with a study in 2012, saying that software defects cost the world economy something over 300 billion dollars.

So the scary part isn’t so much what happens now, the 300 billion dollars that we’re spending on software defects now.

But it’s really what happens five and ten years from now if this problem doesn’t get solved.

Right now, software is… I think we’re ending the era of flat software.

I’ve talked to customers in the last month that have 500 million lines of software.

But mostly, it’s just sitting there and one piece of it is executing at a time.

Now we’re entering an era where we’re going to have software in our cars, interacting with navigation systems, driving our cars for us or at least assisting us, getting much much more complicated.

Much much more interactive.

And we just can’t afford to continue forward and end up spending trillions of dollars in the world working on software defects.

So what can we do about this?

I think it’s time to put some real engineering power behind this.

You saw this slide that Aart talked about this morning.

This was essentially the ‘what if’ slide that launched Synopsys.

And the idea here was, what if a developer can come up with a high level design description, run it through some Secret Technology X, and come out with a correct schematic.

Wouldn’t that be wonderful?

And that’s really the innovation that launched the digital revolution.

I mean, there were many.

But without logic synthesis, we would not have the computers and the mobile technology etc. that we have today, that is essentially driving everything.

So in software, is it possible to do something similar?

What if there was a software developer and instead of coming up with a concept for a chip, he was writing software.

He was writing C code and I’m sure most of you have already discerned the bug in that code there… That’s a little piece of bad code.

Unfortunately, the bug in there is one that is going to be intermittent and very hard to find because it’s not going to act the same way every time you find it.

But it’s an easy bug to add.

We all do it, all the time.

In all my coding, every day, I do the same thing.

What if you were able to come up with a Technology Y that would go in and identify, without running and waiting for the wheel to fall off, identify exactly what’s wrong with the code.

Going back and telling the developer.

Maybe even eventually fixing it for him and allowing you to spit out good code right after that.

That would be pretty important.

And that’s exactly what Coverity does.

Source: YouTube