Software engineering manager Omara Williams leads the embedded software team at Linx, a group responsible for the quality and security of the software that runs on Linx products. “It’s real-time software with real-time challenges, such as the need to communicate with production lines 24x7,” Williams said. “In almost all cases, Linx printers and software need to have 24x7 uptime. Downtime can result in production line breaks, products not labeled correctly, and the customer ultimately losing money.”
Williams’ priority was to make her team’s software as stable and secure as possible by establishing a “zero-defect” policy. But there were challenges that needed to be addressed first. “I had previous experience with Coverity® static analysis,” Williams noted. “And I felt using it would reduce some of the issues we were running into. But first I had to convince my management that Coverity would be a worthwhile investment.”
“I gave my director a high-level overview of what was likely happening in the software that was causing some of the code stability issues we were encountering and how Coverity could be used to identify those issues,” Williams continued. “He was convinced by my presentation, and we bought Coverity.”
There was also some resistance from Linx developers. This wasn’t surprising to Williams, a software developer herself. As with most development teams, the Linx team’s focus was on producing code quickly, so they resisted the introduction of anything that might slow their development process down. But Williams knew that Coverity could help Linx developers identify critical software quality defects so they could be fixed at the beginning of the development cycle while still achieving the speed they needed.
“Yes, there was a bit of, ‘it’s going to slow us down,’ and ‘there will be too many false positives,’” Williams said. “But everyone agreed a priority was that our printers needed to match the requirements of our customers’ production lines, and that customers should feel confident that the software running on Linx printers was stable, secure, and accurate.”
“I set up weekly meetings with the development team, going through Coverity’s analysis of the code with them,” she continued. “And yes, we found some false positives. But we found many more true positives, to the point that someone said of a coding error, ‘oh, how could I have done that?’ At that point, I knew that they were convinced that Coverity was a useful tool that could help them write better code, faster.”
“Our next step was to take the code defects to zero,” she said.
As Williams’ team went through the coding issues discovered by Coverity and fixed the defects, their confidence in achieving their zero-defects goal grew. “We integrated Coverity into our Jenkins CI/CD pipeline,” said Williams. “We ran Coverity on a daily basis, and each night we looked at the snapshot results. Coverity is also integrated with our Jira bug-tracking system. When Coverity identifies a defect, an associated Jira ticket is created to track the progress of its fix.”
“We work under a policy called feature branching; that is, a developer opens a new branch of the code whenever she works on a new feature. We don’t commit to the development branch until the feature branch has gone through Coverity and been approved. Only then do we merge it into the development branch, and then ultimately to production.”
Linx’s zero-defect goal, initiated in 2019, was achieved by 2021. As code is changed or new code is introduced, Coverity continues to help Linx identify and fix defect issues. To date, Coverity has analyzed 1.7 million lines of Linx code. In the first year, 97% of the issues identified by Coverity were resolved. Over the course of the next 24 months, Coverity helped Linx maintain a near-flawless risk posture.
“One pleasant surprise is that Coverity has helped our developers code better, as they see the mistakes they’ve made,” Williams said. “From being concerned that Coverity would slow development or flood us with false positives, we think of Coverity as if it were a member of the software team.”
“Another unexpected benefit is that developers aren’t assuming anymore that QA will find the issues for us. Instead, they’re using Coverity to find issues that they can fix before the code reaches QA. Of every 10 issues development has verified as closed, nine have passed QA.”
“The projects I’ve done with Coverity have been very successful,” Williams concluded. “The results have been amazing, and it’s been an incredible journey over the past 36 months. I’m very satisfied with the support I have had, both during installation and maintenance—and not only from the technical staff, but also from customer care. The support team has been very responsive and efficient, resolving 100% of all requests within the stated timeframe.”
Company overview
World-class coding and marking specialists for industrial printing and marking solutions, Linx Printing Technologies Ltd. is part of the Danaher Group, a U.S. Fortune 500 company. Any business that requires product identification codes, batch numbers, barcodes, and “use by” dates probably has a Linx solution on its production line. Linx products include continuous ink jet printers used in the food, beverage, and automotive industries; laser coders for pharmaceuticals or cosmetics; large character printers for packaging; and thermal transfer printers for coding onto labels, trays, sleeves, and plastic film packaging materials.