Thursday 1 January 2015

The quest for 100% Code Coverage, the 96cc idea and 'apps with low CC must be insecure'

I've spent the last day improving the UnitTest coverage of TM_4_0_Design and since this codebase has been developed with a nice TDD workflow, after a bit of code-cleanup and refactoring I was able to achieve 100% Code Coverage :)

This is quite a powerful development since this is already a complex 'real-world' app, which you also saw in action at Node + Chrome TDD test environment (finally got it to work)

(btw the dip above is caused by a publish to coveralls that I did by mistake (only a subset of the tests were running at the time))

I really think that a high level of CC (Code Coverage) is a fundamental piece of the puzzle when developing secure applications.

And although a high level of code coverage DOES NOT mean that an app is secure, I'm more and more convinced that low coverage means that the app is highly insecure (i.e. with high code coverage there is at least the possibility that the app is secure (and it can be properly tested for security issues))

Here are some thoughts about this I have been posting on Twitter over the past month: