Companies have long relied upon static analysis to secure their code, but the typical process, with delayed results and high false positive rates, is painful for developers and generates unnecessary work for security engineers. A recent trend is changing that. Code analysis tools are increasingly delivering better developer experiences, coverage of a broader set of bugs, and results that improve over time. These improvements allow a much tighter integration into modern agile development processes, shifting left the detection of reliability and security issues. Google and Facebook have pioneered this new model of static analysis, which involves broad deployment of extremely scalable analysis tools (billions of lines of code / thousands of commits per day), and have collected and published extensive data on its impact on code quality. Amazon has also used static analysis to streamline certification and compliance tasks. With development teams more distributed than ever, tools like static analysis become increasingly critical for development organizations to overcome the loss of productivity and risk to code quality.
PRO SESSION: Shifting QA Left: Emerging Trends in Code Quality and Security Automation
Stephen Magill is the CEO of Muse Dev, a company dedicated to helping developers write their best code through code quality automation. Stephen is a world-recognized expert on program analysis and was previously a principal scientist at Galois. Prior to Galois, Stephen was a research scientist at the Institute for Defense Analysis Center for Computing Sciences and a researcher at the University of Maryland. Stephen earned his Ph.D. and M.S. in CS from Carnegie Mellon, and he has been widely published. Stephen also serves on the University of Tulsa Industry Advisory Board and numerous program committees and funding panels.