Have you ever run into false positives from a static source code analysis tool? What’s the best way to identify those so devs can focus on fixing real issues?

Software DevelopmentQuality, Testing and Security
393 viewscircle icon1 Upvotecircle icon2 Comments
Sort by:
Chief Techical Officer in Softwarea year ago

The best way is for the dev to review the finding to work out if it is a false positive and discuss with their team as to whether to mark as such or restructure the code so that it doesn't get flagged in the future. Even false positives can flag a code weakness which should be investigated. There will always be a low percentage of false positives, that is just life.

Senior Data Scientist in Services (non-Government)a year ago

A.t.m.h.o. the question itself is misleading. Classical statisic tests assume a probability to be wrong (" probsbility of error"). That's why one rejects a hypothesis if the probability drops below a certain threshold (most often 5%). That probability covers either the possibility, that the hypothesis is correct, but the data sample is not representative or the hypothesis is wrong, but the data sample suggests otherwise (like studies published, saying red wine or coffee are supporting one's health).

Content you might like

Why do you think that some devs are able to significantly improve their productivity using AI, while others aren’t?

Read More Comments

I am curious if your organization has used code generators in any real way. Not low-code tools, but actual generators like RAD-style scaffolding or Domain Specific Languages. I feel that building simple apps is still as complicated as it was twenty years ago, maybe even more. With everything we have today, why does it still feel this heavy? I would love to hear past experiences, suggestions, or ideas from people who have tried to make this easier in their teams.

I am interested in people who have tried generative AI coding projects.  In your experience, are there project attributes that make generative AI coding capabilities a "good fit"?  Are there project attributes that are likely indicators that generative AI will not result in something useful?  I would think complexity of requirements is a big factor.  If the complexity of the project or its requirements is low - I assume genAI coding can get you within the ballpark.  For instance, logic stores: if your project has critical business logic spread out all over the place and not centralized I think that generative AI would not be able to make sufficient sense of that.

Read More Comments

What’s the best software development methodology for enterprise-level projects?

Waterfall12%

Prototype18%

Rapid Application Development7%

Agile Scrum46%

Agile Kanban8%

Dynamic System Development1%

Lean Software Development2%

Other .. please add it down2%

View Results

Do you agree that your current software development process allows adequate time for QA testing? (Rate from strongly agree to strongly disagree)

Strongly agree12%

Somewhat agree55%

Neither agree nor disagree16%

Somewhat disagree14%

Strongly disagree1%

View Results