Litcius/Paper detail

Why Do Software Developers Use Static Analysis Tools? A User-Centered Study of Developer Needs and Motivations

Lisa Nguyen Quang, James R. Wright, Karim Ali

2020IEEE Transactions on Software Engineering76 citationsDOI

Abstract

As increasingly complex software is developed every day, a growing number of companies use static analysis tools to reason about program properties ranging from simple coding style rules to more advanced software bugs, to multi-tier security vulnerabilities. While increasingly complex analyses are created, developer support must also be updated to ensure that the tools are used to their best potential. Past research in the usability of static analysis tools has primarily focused on usability issues encountered by software developers, and the causes of those issues in analysis tools. In this article, we adopt a more user-centered approach, and aim at understanding why software developers use analysis tools, which decisions they make when using those tools, what they look for when making those decisions, and the motivation behind their strategies. This approach allows us to derive new tool requirements that closely support software developers (e.g., systems for recommending warnings to fix that take developer knowledge into account), and also open novel avenues for further static-analysis research such as collaborative user interfaces for analysis warnings.

Topics & Concepts

Computer scienceUsabilitySoftware engineeringSoftware developmentSoftwareStatic program analysisSecure codingWorld Wide WebHuman–computer interactionSoftware security assuranceComputer securityProgramming languageInformation securitySecurity serviceSoftware Engineering ResearchAdvanced Malware Detection TechniquesSoftware Reliability and Analysis Research
Why Do Software Developers Use Static Analysis Tools? A User-Centered Study of Developer Needs and Motivations | Litcius