Since the beginnings of writing, people have criticized each other's
written creations. Literary, art, and film critics find full-time
employment detailing the shortcomings of an author's work - or praising
it, as the case may be.
A lot of software has avoided receiving the same kind of treatment. A
relatively small number of people are literate in programming
languages, and the texts are often kept as corporate secrets - only the
machine-executable binaries are released to the public.
Open Source is an exception to this rule. Open Source code is published
for all to see.
Coverity is a company in the business of making tools to help people
write better software. Our tools analyze source code, looking for
coding errors, and also gathering information about the architecture
and build environments that make software systems work.
A recent ACM article entitled 'A few billion lines of code later'
describes some of Coverity's findings in the commercial environment,
and the company's open source report publications describe the results of
work done for the US Department of Homeland Security.
This talk will cover what can be learned from looking at source code.
We can discover quite a bit about the tendencies of programmers, the
limitations of their work environment, and the risks that result when
code controls critical systems like cars, medical devices, and heavy
machinery...
This talk is suitable for a general track. While the content of
the paper is somewhat technical, the talk will approach it from
a general 'what does this mean', 'why is this important' point of view.