C# Static Code Analysis with NDepend

Have you heard about the “goto fail” fail? It is a security bug that Apple introduced in one of the iOS updates. Long story short, a piece of code that had to perform an important security check of a certificate was unreachable. That is a huge defect for software of this kind. Any meaningful static analysis tool would find that defect, and any meaningful developer would fix such a bug after that. What I am talking about is that the cost of a bug caught late is much greater than the cost of a bug caught at compile time. I don’t know how the hell Apple slipped up like that, but we are not going to discuss that. We are going to talk about static analysis.
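The defect pattern described above, as an added example in C that is not code from this post or from Apple: a duplicated `goto` makes the signature check unreachable, so a certificate with a bad signature is accepted. The `cert` struct, the `check_*` helpers and the sample values are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for real certificate checks; names are hypothetical. */
struct cert { const char *host; int sig_ok; };

static int check_host(const struct cert *c, const char *want) {
    return strcmp(c->host, want) == 0 ? 0 : -1;
}

static int check_signature(const struct cert *c) {
    return c->sig_ok ? 0 : -1;
}

/* Defective: the second goto is not guarded by the if, so it always runs.
   The signature check below it is unreachable, and err still holds the 0
   returned by check_host(), which the caller reads as success. */
int verify_buggy(const struct cert *c, const char *want) {
    int err;
    if ((err = check_host(c, want)) != 0)
        goto fail;
        goto fail;                      /* duplicated line */
    if ((err = check_signature(c)) != 0)
        goto fail;
fail:
    return err;
}

/* Corrected: braces make the guarded statement explicit and nothing
   jumps past the signature check. */
int verify_fixed(const struct cert *c, const char *want) {
    int err;
    if ((err = check_host(c, want)) != 0) {
        goto done;
    }
    if ((err = check_signature(c)) != 0) {
        goto done;
    }
done:
    return err;
}

int main(void) {
    struct cert forged = { "example.test", 0 };  /* constructed: bad signature */
    printf("buggy=%d fixed=%d\n",
           verify_buggy(&forged, "example.test"),
           verify_fixed(&forged, "example.test"));
    return 0;
}
```

Compiling this with GCC's `-Wall` (which enables `-Wmisleading-indentation`) or Clang's `-Wunreachable-code` reports the duplicated line, which is the kind of compile-time catch the paragraph argues for.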
