• The value of partial code scanning, now

    27 Jun 2011

    Check out my new piece on the business value of partial code scanning where I outline why it’s better to start your source code analysis now instead of waiting around until certain milestones of your development projects are reached or your software applications are completed altogether.

    It’s kind of funny and ironic that we humans are all about instant gratification, yet with information risk issues such as source code analysis, we tend to want to wait until everything’s perfect (and way more costly) before we get started. This reminds me of the Mark Victor Hansen quote:

    “Don’t wait until everything is just right. It will never be perfect. There will always be challenges, obstacles and less than perfect conditions. So what. Get started now. With each step you take, you will grow stronger and stronger, more and more skilled, more and more self-confident and more and more successful.”

    I wrote this article in conjunction with the nice folks at Checkmarx who happen to produce the best static source code analysis tool I’ve usedespecially given its price compared to the competition – it’s not even in the same galaxy as some of the others out there. Definitely worth checking out.