This week Oracle is running Oracle OpenWorld and JavaOne together, and it’s been a lot of fun to look at the press and sessions running at the show. Like so many other aspects of the Internet of Things, the nebulous term has been associated with sessions in various verticals from Autos to Oil and Gas.
Java dominates a lot of IoT development, from the embedded sensors to the server farms. In theory, Java is the most secure strategy you can use to develop IoT solutions. However, when it comes to security, my father’s adage, “Never assume malice, when incompetence is an equal answer,” applies.
The gap between great coders and bad coders is quite wide. As Steve Jobs pointed out, in a group of ten coders the one great coder does the work of 10 coders, while the bad coder makes you use the resources of another two coders. Unfortunately, it’s rare that a great coder wants to support their work for the rest of their life, so they move on, leaving the remaining six coders the job of maintenance and updates.
So the press announcement from Coverity (a Synopsys company, Nasdaq: SNPS) caught my eye with this quote:
“There are more than six million professional software developers in the world writing at least 60 million lines of code every day, which means the need for a simple-to-use, lightweight process for testing software quality and security has never been more critical,” said Dennis Chu, senior product manager for Coverity. “With Code Spotter, we’ve aimed to do just that by expanding our SaaS offerings to provide even more developers across the globe with tools that make it easier to produce high-quality software.”
Coverity’s Code Spotter is a cloud-based service that is in beta now and is available for free for as much code as you want. For the two who are managing the one bad coder, or the six who are maintaining what once was great code, the opportunity exists to have Code Spotter verify your code.
“The service is designed to find the most common and critical issues in Java code bases, including resource leaks, race conditions, concurrency issues, control flow issues, null pointer dereferences, issues detected by the open source FindBugs tool, copy and paste errors, and many other software defects resulting in incorrect or unpredictable program behavior. Code Spotter works by integrating with developers’ build systems. It intercepts and compiles the source code files that are part of a project, and then uploads them to the Code Spotter servers for analysis. Once the analysis job is complete, developers can examine the results on the Code Spotter website or download the results for review locally.”
You can sign up for a free Code Spotter account; the service has plugins for Eclipse and Maven and features GitHub integration as well.
As more and more sensors and processors are deployed, the potential for security leaks increases. Coverity’s Code Spotter is a good tool for those of us who want to write great code, but maybe need some outside validation.
Edited by
Maurice Nagle