Today, small and medium-sized enterprises (SMEs) in the software industry face major challenges. Their resource constraints require high efficiency in development. Furthermore, quality assurance (QA) measures need to be taken to mitigate the risk of additional, expensive effort for bug fixes or compensations. Automated static analysis (ASA) can reduce this risk because it promises low application effort. SMEs seem to take little advantage of this opportunity. Instead, they still mainly rely on the dynamic analysis approach of software testing. In this article, we report on our experiences from a technology transfer project. Our aim was to evaluate the results static analysis can provide for SMEs as well as the problems that occur when introducing and using static analysis in SMEs. We analysed five software projects from five collaborating SMEs using three different ASA techniques: code clone detection, bug pattern detection and architecture conformance analysis. Following the analysis, we applied a quality model to aggregate and evaluate the results. Our study shows that the effort required to introduce ASA techniques in SMEs is small (mostly below one person-hour each). Furthermore, we encountered only a few technical problems. By means of the analyses, we could detect multiple defects in production code. The participating companies perceived the analysis results to be a helpful addition to their current QA and will include the analyses in their QA process. With the help of the Quamoco quality model, we could efficiently aggregate and rate static analysis results. However, we also encountered a partial mismatch with the opinions of the SMEs. We conclude that ASA and quality models can be a valuable and affordable addition to the QA process of SMEs.