Metrics for Agile Development Teams

By Niroshan RajaduraiFebruary 5, 2018January 5, 2019 Strategy automated testing, Continuous delivery, continuous integration, dynamic testing, Process Health Metrics, Product Development Metrics, Release Metrics, scorecard, static analysis, Technical / Code Metrics

Software Engineering Scoreboard listing of metrics for software development teams to consider. The categories include Technical / Code Metrics, Product Development Metrics, Release Metrics and Process Health Metrics.

The internet of automotive security risks

By Niroshan RajaduraiNovember 30, 2017January 5, 2019 In the News automated testing, cve, cwe, fuzz testing, ISO 26262, Safety Standards, shift left, software security, static analysis

With consumer paranoia about security at an all-time high, does automotive software development need to up its game in the quality stakes?

Migrate and Modernise Old Applications: How Difficult Can It Be? Or, Remember Fortran, Anyone?

By Niroshan RajaduraiNovember 21, 2017January 5, 2019 Strategy automated testing, automatic test case generation, cwe, dynamic testing, Legacy Software, static analysis

This article was inspired by a NASA competition announcement early in 2017 seeking help to update an old FORTRAN application. Here, we examine what’s the best course of action for migrating legacy applications to a modern environment – bugs and all.

Actionable Intelligence For Software Security

By aiqNovember 15, 2017December 5, 2018 Quality cve, cwe, dast, false positive, fuzz testing, sast, software security, static analysis, test autimation

It’s a commonly held belief that applying static analysers alone can help spot and eradicate common security issues. However, with the high number of false positives reported when using static analysis, it makes knowing if you have detected a real error a time-consuming process, and the mitigation plans put in place might have just hidden the error under a false negative. But what are the alternatives?

Dynamic analysis can be used for detecting potential vulnerabilities in today’s embedded environments. And pairing dynamic and static analysis creates ‘actionable intelligence’ for developers, and allows them to quickly ascertain the absence of obvious reliability issues.