Recent Posts Tagged With 'nasty bugs'

• From Static Analysis to 0day Exploit – a demonstration

  Posted on Wednesday December 9th, 2009 at 16:32 in static analysis, software security, software quality, nasty bugs, buffer overrun, 0day exploit

  I have always been fascinated by the whole area of code vulnerabilities and security exploits and how hackers turn those issues into real-world problems for the rest of us. Jeremy Brown posted an interesting article on Jeremy’s Computer Secur...

• “I’m gonna write me a new minivan” – is zero software bugs the right goal?

  Posted on Tuesday October 27th, 2009 at 14:16 in bugs, agile development, nasty bugs, general industry

  I have always loved “I’m gonna write me a new minivan”  from Scott Adams.  To me, it never gets old.  Originally published in 1998, the theme that applied then still does today: driving 100% of defects or bugs out of the code-...

• Top 5 Java quality bugs

  Posted on Tuesday October 13th, 2009 at 09:58 in java, bugs, software quality, embedded development, nasty bugs, general coding

  In a previous posts I reviewed the Top 5 C/C++ and Top 5 C# quality bugs that I that I see time and time again looking at customer code. I wrote my Java Top 5 with an embedded programming focus and the folks at www.embedded.com decided to publish it ...

• Top 5 C# quality bugs

  Posted on Tuesday September 1st, 2009 at 10:45 in c, static analysis, software quality, source code analysis, nasty bugs, quality bugs

  In a previous post I provided the top 5 C/C++ quality bugs that I that I see time and time again looking at customer code.  Time for the C# version: 1.    Null pointer exceptions from a method 1      ...

• Top 5 C# quality bugs

  Posted on Tuesday September 1st, 2009 at 10:45 in c, static analysis, software quality, source code analysis, nasty bugs, quality bugs

  In a previous post I provided the top 5 C/C++ quality bugs that I that I see time and time again looking at customer code.  Time for the C# version: 1.    Null pointer exceptions from a method 1                  public class A {...

• That’s nice dear, how does it work?

  Posted on Tuesday August 11th, 2009 at 09:52 in software testing, software security, software quality, nasty bugs, general industry, general coding

  Ever been faced with that glassy-eyed expression, the look of unthinking, unwholesome fear when some long, incomprehensible word escapes your geeky mouth and upsets the maiden aunts around the once-a-year, wear-your-best-tie, try-not-to-die-before-th...

• That’s nice dear, how does it work?

  Posted on Tuesday August 11th, 2009 at 09:52 in software testing, software security, software quality, source code analysis, nasty bugs, general industry, general coding, truepath

  Ever been faced with that glassy-eyed expression, the look of unthinking, unwholesome fear when some long, incomprehensible word escapes your geeky mouth and upsets the maiden aunts around the once-a-year, wear-your-best-tie, try-not-to-die-before-th...

• Top 5 C/C++ quality bugs

  Posted on Tuesday July 14th, 2009 at 10:06 in bugs, c c++, memory leaks, software quality, nasty bugs, null pointer dereference, array index out of bounds, uninitialized variables

  A recent article on the top five causes of poor software quality and top 5 non-technical mistakes inspired me to also provide a top five on software quality bugs.  Here is my top 5 list of bugs (with some simple examples) that I see time and time ag...

• Bugs and your Backlog

  Posted on Tuesday July 7th, 2009 at 12:28 in agile, bugs, backlog, agile development, iteration, nasty bugs

  There was a recent blog on whether or not you should have bugs (that were not found during the most recent iteration) added to your product backlog, or kept in a separate bug backlog. Here at Klocwork we have a defect database that is closely monitor...

• Resource Leaks in C#

  Posted on Tuesday February 3rd, 2009 at 09:13 in c, static analysis, nasty bugs, resource leaks

  I’m picking up the theme of the CWE Top 25 today (see posts below for more detail on the list itself, or check out this blog posting for a more exhaustive description) as we run into what is described as CWE-404 all the time in managed code environ...