Experimenting static analysis on proprietary code

An industrial perspective

Galoh Rashidah Haron, Khairul Azmi Abu Bakar 

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We performed an experiment to seek the true value of static code analysis. It is claimed to be efficient in detecting software defects within source code. We developed software to handle communication and cryptographic functions for a smart card. We performed manual code review on the source code, tested and released it as a commercial product. Based on the released software, we perform an automated code review using static code analysis tools. We collect the static defects and understand the pattern defects generated by the tools. Based on the experimental data, we share the strengths and weaknesses of static code analysis.

Original language: English
Title of host publication: 22nd International Conference on Software Engineering and Data Engineering, SEDE 2013
Pages: 13-18
Number of pages: 6
Publication status: Published - 1 Dec 2013
Externally published: Yes
Event: 22nd International Conference on Software Engineering and Data Engineering, SEDE 2013 - Los Angeles, CA, United States
Duration: 25 Sep 2013 - 27 Sep 2013

Other

Other: 22nd International Conference on Software Engineering and Data Engineering, SEDE 2013
Country: United States
City: Los Angeles, CA
Period: 25/9/13 - 27/9/13

Fingerprint

Static analysis
Defects
Smart cards
Communication
Experiments

ASJC Scopus subject areas

  • Software

Cite this

Haron, G. R., & Abu Bakar, K. A. (2013). Experimenting static analysis on proprietary code: An industrial perspective. In 22nd International Conference on Software Engineering and Data Engineering, SEDE 2013 (pp. 13-18).

@inproceedings{815479650fee4d80821a9fe25be7c6ce,
title = "Experimenting static analysis on proprietary code: An industrial perspective",
author = "Haron, {Galoh Rashidah} and {Abu Bakar}, {Khairul Azmi}",
year = "2013",
month = "12",
day = "1",
language = "English",
isbn = "9781629933115",
pages = "13--18",
booktitle = "22nd International Conference on Software Engineering and Data Engineering, SEDE 2013",

}

TY - GEN

T1 - Experimenting static analysis on proprietary code

T2 - An industrial perspective

AU - Haron, Galoh Rashidah

AU - Abu Bakar, Khairul Azmi

PY - 2013/12/1

Y1 - 2013/12/1

UR - http://www.scopus.com/inward/record.url?scp=84894168969&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84894168969&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9781629933115

SP - 13

EP - 18

BT - 22nd International Conference on Software Engineering and Data Engineering, SEDE 2013

ER -