Have you ever run into false positives from a static source code analysis tool? What’s the best way to identify those so devs can focus on fixing real issues?

Senior Data Scientist in Miscellaneous, 2 months ago
A.t.m.h.o. the question itself is misleading. Classical statistical tests assume a probability of being wrong ("probability of error"). That's why one rejects a hypothesis if the probability drops below a certain threshold (most often 5%). That probability covers either the possibility that the hypothesis is correct but the data sample is not representative, or that the hypothesis is wrong but the data sample suggests otherwise (like published studies saying red wine or coffee support one's health).
Chief Technical Officer in Software, 2 months ago
The best way is for the dev to review the finding to work out if it is a false positive and discuss with their team as to whether to mark as such or restructure the code so that it doesn't get flagged in the future. Even false positives can flag a code weakness which should be investigated. There will always be a low percentage of false positives, that is just life.
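The workflow described in the answer above (a developer reviews each finding, the team records a decision, and only undecided findings go back to developers) can be made mechanical so that already-triaged false positives stop reappearing in every scan. The following is an added example, not code from this thread or from any particular scanner; the finding records, the triage decisions and the field names are constructed for illustration, and the finding shape is a simplified, tool-neutral one rather than any real tool's output format. It fingerprints each finding by rule, file and normalised code snippet (not line number, so edits elsewhere in the file do not invalidate a decision), suppresses findings that carry a reviewed decision with a written justification, refuses to honour decisions with no justification, and reports decisions that no longer match any finding so the suppression file does not silently rot.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Constructed sample findings in a simplified, tool-neutral shape (not any real tool's output).
FINDINGS = [
    {"rule": "sql-injection", "file": "app/db.py", "line": 42,
     "snippet": 'cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))'},
    {"rule": "sql-injection", "file": "app/reports.py", "line": 17,
     "snippet": "cursor.execute(\"SELECT * FROM t WHERE name = '\" + name + \"'\")"},
    {"rule": "hardcoded-secret", "file": "tests/conftest.py", "line": 5,
     "snippet": 'API_KEY = "test-not-a-real-key"'},
]


def fingerprint(finding: dict) -> str:
    """Stable id for a finding: rule + file + whitespace-normalised snippet.

    The line number is deliberately left out so that unrelated edits above
    the flagged code do not invalidate an earlier triage decision.
    """
    norm = re.sub(r"\s+", " ", finding["snippet"]).strip()
    key = f'{finding["rule"]}|{finding["file"]}|{norm}'.encode()
    return hashlib.sha256(key).hexdigest()[:16]


# Constructed triage decisions, as a team might keep them in a reviewed file in the repo.
DECISIONS = [
    {"fingerprint": fingerprint(FINDINGS[0]), "status": "false_positive",
     "reason": "Parameterised query; %s is a DB-API placeholder, not string formatting.",
     "reviewer": "alice"},
    # Missing justification: a decision like this must not suppress anything.
    {"fingerprint": fingerprint(FINDINGS[2]), "status": "false_positive",
     "reason": "", "reviewer": "bob"},
    # Stale: no current finding has this fingerprint (placeholder value).
    {"fingerprint": "deadbeefdeadbeef", "status": "false_positive",
     "reason": "Old finding in a module that was removed.", "reviewer": "carol"},
]

# Only these reviewed statuses may hide a finding from developers.
SUPPRESSING_STATUSES = {"false_positive", "accepted_risk"}


@dataclass
class TriageResult:
    actionable: list = field(default_factory=list)        # findings developers must look at
    suppressed: list = field(default_factory=list)        # findings with a valid decision
    invalid_decisions: list = field(default_factory=list)  # decisions lacking a justification
    stale_decisions: list = field(default_factory=list)    # decisions matching no finding


def triage(findings: list, decisions: list) -> TriageResult:
    """Split scanner findings into actionable and suppressed using reviewed decisions."""
    result = TriageResult()
    valid = {}
    for d in decisions:
        if d["status"] in SUPPRESSING_STATUSES and d.get("reason", "").strip():
            valid[d["fingerprint"]] = d
        else:
            result.invalid_decisions.append(d)

    seen = set()
    for f in findings:
        fp = fingerprint(f)
        seen.add(fp)
        if fp in valid:
            result.suppressed.append({**f, "fingerprint": fp, "decision": valid[fp]})
        else:
            result.actionable.append({**f, "fingerprint": fp})

    # Decisions that no longer match anything should be pruned, not kept forever.
    result.stale_decisions = [d for fp, d in valid.items() if fp not in seen]
    return result


if __name__ == "__main__":
    r = triage(FINDINGS, DECISIONS)
    print(f"{len(r.actionable)} actionable, {len(r.suppressed)} suppressed, "
          f"{len(r.invalid_decisions)} invalid decision(s), {len(r.stale_decisions)} stale decision(s)")
    for f in r.actionable:
        print(f"  TODO  {f['rule']}  {f['file']}:{f['line']}  [{f['fingerprint']}]")
```

In practice the decisions file lives in the repository next to the code, goes through the same review as code changes, and the scan job fails only on the actionable list. Requiring a non-empty reason per decision keeps the record of why something was judged a false positive, which is what the answer above asks the team to discuss in the first place.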
