[guardian-dev] coverity scan

Frank Rieger frank at ccc.de
Tue Aug 28 12:37:35 EDT 2012


On 28.08.2012, at 17:50, Hans-Christoph Steiner wrote:
> 
> http://scan.coverity.com/
> 
> I wonder if it's worth trying to get our software into their service.

These scans actually produce results with a tendency of around 30%-40% false positives, which are often bad / inelegant programming anyway. In general my overall experience is to take all offers to look for problems in the codebase as they reduce the number of (potential) problems. The drawback is that you may sit on a large volume of suspected problems with a false-positive rate that depends on the fitness of the tool for the purpose at hand.

Greetings from Berlin,

Frank


