Abstract:
Static code analysis (SCA) is the analysis of computer programs that is performed without actually executing them, usually with an automated tool. SCA has become an integral part of the software development life cycle and is one of the first steps taken to detect and eliminate programming errors early in development. Although SCA tools are routinely used in proprietary software development environments to ensure software quality, applying them to the vast expanse of open source code is a forbidding, albeit interesting, challenge, especially when open source code finds its way into commercial software. Although there have been recent efforts in this direction, in this paper we address this challenge to some extent by applying static analysis to a popular open source project, the Linux kernel. We discuss the results of our analysis and, based on it, propose an alternate workflow that can be adopted when incorporating open source software into a commercial software development process. Further, we discuss the benefits of and the challenges faced while adopting the proposed alternate workflow.
Keywords:
Linux; program diagnostics; public domain software; security of data; software quality; software tools; Linux kernel; SCA tools; automated tool; commercial software development process; computer programs; open source code security; programming error detection; programming error elimination; software development life cycle; software development stage; software quality; static code analysis; Complexity theory; Computer bugs; Kernel; Linux; Programming; Security; Opensource; Software Development Life Cycle; Software Testing; Static Code Analysis