An industry I recently got some exposure to is centered on detecting software defects. Bugs, as they are known to developers, can be benign or catastrophic. Software companies devote a lot of time to identifying software defects before their products are shipped to customers. Usually I found this was done through some type of QA department or testing lab. They had a series of tests that exercised the software through specific usage patterns in order to make sure everything worked correctly. This process used to be run manually, and some companies still do it this way, but there are tools available that run what is called a Dynamic Test, which automates the process. A Dynamic Test works well when predefined processes are laid out, but it rarely finds bugs that rest in the true paths of the source code.
Another type of tool available is called Static Analysis. The idea has been around for years, but it usually produced so many false positives that finding real software defects was like looking for a needle in a haystack. There are a few players in this space but only one true leader in my opinion.
What a company wants is the ability to scan its code, see what bugs are found, and correct them quickly. Klocwork has been around for quite a while, has a tight grasp of the field, and touts the big-name customers it works with. Coverity is another player in the market, and though they say they are the leaders, that remains to be seen, since they always seem to be riding Klocwork's coattails when it comes to product features and even their website redesign.
Your software company is only as good as your code, and going to market with clean code could make or break your product. The competition is fierce for most applications even if you are innovative, because once you release, someone is right behind you with a knockoff product to grab some market share. I know I am preaching to the choir here. Running a static analysis over the entire source tree is something every developer should do to identify the defects that can cause your application to crash and burn. Try out both of these analysis tools and see what is identified in your code. Which one found the most defects? How many of them are false positives?
The trials really set the bar for the experience you will have with these companies down the road as your code grows. Settling for second best when it comes to this standard is like settling for the release of a ‘decent’ product. Klocwork and Coverity are running full steam to be the leader, with Klocwork having a good head start. That isn’t to say that Coverity cannot come up from behind, but recent indications lean toward a long uphill battle.
I know this is a random post for this blog, but I thought I would share my thoughts.