Software Integrity Engineering

The opportunity

Software errors might manifest themselves as an unexplained 'crash' familiar to most computer users, but can have greater consequences in enterprise and embedded systems. A loss of half a billion dollars resulted from a simple overflow error in the Ariane 5 rocket controller. NIST estimated the overall cost of software bugs to the US economy alone as $59.5 billion in 2002.

The problem

Over the last 30 or 40 years a range of tools and techniques have been developed to analyse software systems to detect flaws. Of these the most effective are the so-called Static Analysis tools which take the source code or bytecode of a system and look for patterns that signal possible defects such as null pointer dereference, concurrent access exceptions, or improper input validation.

Such tools are widely available at disparate price points from Open Source freeware through to Enterprise tools which have deal sizes of hundreds of thousands of dollars. The problem is that no individual tool is best of breed in all areas, and that many of the tools - especially at the low-end - are very difficult to work with either singly or in combination, because they are very poorly integrated into the software development lifecycle and development tooling.

The solution

As part of the Software Integrity Engineering (SIE) programme, ITI Scotland developed a unique tool integration framework that transforms the user experience of open source and low-cost static analysis tools to a level of usability and function that matches or exceeds that of existing high-priced static analysis tools. It brings the following advantages:

  • Simple and familiar integration to your existing Eclipse development workflow for fast and comfortable adoption by your developers
  • Aggregation of findings from multiple static analysers to get 'best of breed' weakness coverage so that you have the ultimate peace of mind during your next release
  • Easy addition of new analysers so that your developments always exploit the latest best practices
  • Root cause analysis that integrates the mass of static analysis findings into the single root cause of failure without the hassle of trawling through umpteen pages of irrelevant warnings
  • One-click navigation through a graphical representation of the static analysis, eliminating the mass of detail in the findings to identify the root cause of the software failure in question
  • Life cycle tracking that allows the unification of findings despite changes to the software. This repeatability removes the tedium of revisiting the same problem even while refactoring your code
  • Cross language support for C++ and Java

Key benefits

Barriers to adoption are removed by close integration with the development environment and development process, and by the appeal to software developers of the unique graphical representation of software defects. The costs associated with both tool adoption (training costs) and tool use (quality of results delivered by tools) are reduced. Results delivered by analysis can help teach best practice to developers. Insight into code problems can be immediately realised, even for legacy code.

Commercial opportunity

We are seeking engagement with organisations and/or individuals who may have an interest in licensing this technology. We seek to exploit these intellectual assets for the benefit of the Scottish economy.

The SIE assets can be used to facilitate the entry of a 'disruptive product' in the static analysis market by combining open source and/or low-cost static analysis tools into a relatively low-cost product with high usability that can achieve high levels of market penetration.

The assets can also be used to add value to an existing static analysis tool, reducing time to market and/or improving feature-competitiveness.

The modular nature of the assets also lends itself to tiered pricing structures and up-selling opportunities (entry versions, enterprise versions, etc.) that can be used to disrupt competitors' market positioning.

The technology can be licensed as either a complete system or in its component parts.

The next step

The closing date for expressions of interest in this opportunity is 28 September. If you would like to be involved with the exploitation of this new technology, please contact us.