Submitted via IRC for SoyCow2718
Facebook doesn't have the most stellar privacy and security track record, especially given that many of its notable gaffes were avoidable. But with billions of users and a gargantuan platform to defend, it's not easy to catch every flaw in the company's 100 million lines of code. So four years ago, Facebook engineers began building a customized assessment tool that not only checks for known types of bugs but can fully scan the entire codebase in under 30 minutes—helping engineers catch issues in tweaks, changes, or major new features before they go live.
The platform, dubbed Zoncolan, is a "static analysis" tool that maps the behavior and functions of the codebase and looks for potential problems in individual branches, as well as in the interactions of various paths through the program. Having people manually review endless code changes all the time is impractical at such a large scale. But static analysis scales extremely well, because it sets "rules" about undesirable architecture or code behavior, and automatically scans the system for these classes of bugs. See it once, catch it forever. Ideally, the system not only flags potential problems but gives engineers real-time feedback and helps them learn to avoid pitfalls.
"Every time an engineer makes a proposed change to our codebase, Zoncolan will start running in the background, and it will either report to that engineer directly or it will flag to one of our security engineers who's on call," says Pieter Hooimeijer, a security engineering manager at Facebook. "So it runs thousands of times a day, and found on the order of 1,500 issues in calendar year 2018."
Source: https://www.wired.com/story/facebook-zoncolan-static-analysis-tool/?verso=true
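A miniature illustration of the rule-based, path-following analysis the summary describes, as an added example that is not from the article or from Facebook's Zoncolan: a toy Python taint checker whose rule set (`SOURCES`, `SANITIZERS`, `SINKS`) and sample change are constructed assumptions. It flags a proposed change in which untrusted input reaches a query sink even when the flow spans several assignments, and stays quiet when a sanitizer sits in between.

```python
import ast

# Constructed rule set (an assumption; the page does not describe Zoncolan's real rules).
SOURCES = {"request_param"}   # calls that return untrusted input
SANITIZERS = {"escape"}       # calls whose result counts as clean
SINKS = {"run_query"}         # calls that must never receive untrusted data

class TaintChecker(ast.NodeVisitor):
    # Per-function taint tracking: assignments propagate taint, so a
    # source-to-sink flow is caught even when it spans several statements.
    def __init__(self):
        self.tainted = set()  # variables currently holding untrusted data
        self.findings = []    # (line, sink name) pairs
    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            return node.func.id not in SANITIZERS and (
                node.func.id in SOURCES or any(map(self.is_tainted, node.args)))
        if isinstance(node, ast.BinOp):  # string concatenation keeps taint
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        return False  # literals and anything unrecognised count as clean
    def visit_FunctionDef(self, node):
        self.tainted = set()  # fresh state for each function
        self.generic_visit(node)
    def visit_Assign(self, node):
        for target in node.targets:
            if isinstance(target, ast.Name):
                if self.is_tainted(node.value):
                    self.tainted.add(target.id)
                else:
                    self.tainted.discard(target.id)  # overwritten with clean data
        self.generic_visit(node)
    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id in SINKS:
            if any(map(self.is_tainted, node.args)):
                self.findings.append((node.lineno, node.func.id))
        self.generic_visit(node)

def scan(source):
    checker = TaintChecker()
    checker.visit(ast.parse(source))
    return checker.findings  # [(line, sink), ...], one per rule violation

# Constructed sample change: the first function violates the rule, the second does not.
SAMPLE = '''def search():
    term = request_param("q")
    sql = "SELECT * FROM items WHERE name = '" + term + "'"
    run_query(sql)
def search_safe():
    term = escape(request_param("q"))
    run_query("SELECT * FROM items WHERE name = '" + term + "'")'''
```

Running `scan(SAMPLE)` reports the sink call on line 4 of the sample and nothing for `search_safe`; adding a new source, sanitizer or sink name to the rule sets is all it takes to catch the same class of flow in other code, which is the "see it once, catch it forever" property the summary refers to.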
(Score: 2) by Megahard on Friday August 23 2019, @06:20PM (2 children)
Apollo 11: 145K lines of code
Mars Curiosity Rover: 500K lines of code
Facebook: 100M lines of code
Something is seriously wrong here.
(Score: 2) by krishnoid on Friday August 23 2019, @09:22PM
You got a problem with that? Then invent your own Facebook! With blackjack, and hookers! And send it to the moon!
(Score: 2) by DannyB on Monday August 26 2019, @03:27PM
For Apollo 11, a "line" of code was probably one machine instruction.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.