INDUSTRY WATCH: That Certain Quality
By David Rubinstein
May 15, 2004

Software quality means different things to different people. To some, it means the number of bugs in an application. To others, it refers to response times, or even availability. For others still, it's about plugging security vulnerabilities.
Regardless of the approach, it's clear that business executives have awoken and come to see how much of their business rides on software that functions properly, is always available and is safe. The mandates coming down from boardrooms everywhere are getting louder and louder. And software vendors are starting to hear, as witnessed by new offerings from many different software vendors. Three of the companies' offerings highlight the different approaches to achieving quality software.
Longtime test and performance tool vendor Segue Software Inc. this month is delivering the Silk Central Quality Optimization Platform, designed to organize a company's efforts to deliver and maintain quality software. Andre Pino, Segue's chief marketing officer, noted three trends in application development that are exposing the current develop-test-QA cycle as wholly inefficient: the compression of business application cycles, the increase in the number of mission-critical applications within an organization, and the growing complexity of applications and environments, which Pino said will only be exacerbated by the proliferation of Web services.
"Testing has to take place earlier in the development cycle, and QA people need visibility into the tests developers are running as they develop their applications," he said. The Silk Central framework is at the heart of what Segue is calling the Silk Common Architecture and consists of a set of APIs for plugging in management and test engines (Silk's and other vendors' tools) and includes a scheduler, a repository, an asset manager and a reporting engine. Also, Silk has created three new management modules, for testing in predeployment, performance monitoring in post-deployment, and issue tracking and reporting throughout the life cycle.
"There are organizational changes taking place," Pino said. "It's all about streamlining the QA process from beginning to end, and the only way to streamline is to formalize the test process earlier. Organizations are shifting to a position where they have a group across the enterprise to ensure quality throughout the entire application infrastructure."
At Ottawa-based start-up Klocwork, quality is improved when the process of assessing your assets is automated. "Understanding the structure of software is key," said Chris Federko, vice president of product marketing. "How has the structure eroded over time? How do you fix it and maintain it? Sometimes, you can fix something here and break something over there."
The company on May 10 released version 6.0 (the project was begun at Nortel Networks in 1996) of its Klocwork four-part static analysis solution, which includes a system-level analyzer, an architecture visualization tool, a metrics dashboard and a developer desktop. Among the highlights of the release are Eclipse integration (it already could be used with Visual Studio .NET and Visual Studio 6), the ability to publish architectural models with annotations, and a means of choosing different types of analysis to get very focused reports. "You can turn on or off a particular type of error or a section of code," Federko explained. "You might have 5 million lines of code, but you're not working on all 5 million lines."
Typical static analysis tools can provide too much information, Federko said. "It's difficult to action that much information," he said.
Another start-up, Coverity Inc., believes software quality is improved when developers are asked to do code analysis to find any vulnerabilities that could affect performance.
"Testing is fundamentally different from code analysis," said Seth Hallem, president of Coverity. "Developers are hitting the wall because testing for security is like expecting the unexpected. How can you test for something you didn't anticipate? Code analysis comes in by looking at every possible behavior of a program and checking for serious mistakes. Vulnerabilities often fall into known violations of software development practices."
Coverity's product is SWAT, a C/C++ code analyzer that searches for vulnerability hotbeds. "We intercept inside the build process and funnel code as it gets built through our front end while the analysis is done on the back end," Hallem said. "No one person can look down all the paths of an application in their head, but the tool can do that," he explained.
Developers don't want the responsibility for testing, he added, but they also don't want to be fired for producing vulnerable code.
Like it or not, developers are being told to get involved in more detailed testing processes. Businesses realize the benefits of catching problems earlier in development; the costs they save could help those developers keep their jobs.

David Rubinstein is editor of SD Times.