Wednesday, May 1, 2024

Static Analysis Ranked Defect List

 Crazy idea of the day: Static Analysis Ranked Defect List.


Here is a software analysis tool feature request/product idea: So many times we see the problem that a static analysis tool, or some other way of automatically finding bugs, inundates developers with so many possible bugs that they turn it off in frustration. Or maybe they have a requirement to ship only "clean" code, so they don't run the tool at all, because then there is nothing to clean up. Put your favorite head-in-the-sand organizational dysfunction here.


I'd love to be able to recommend a static analysis or other tool that has a feature that reports the top 10 defects currently in the code base, ranked by likely risk. Go ahead and use machine learning for the ranking; fine with me. Whatever the methodology, choosing which warnings to fix first is a guess anyway; a ranked guess beats an unranked one.


Ultimately, all the static analysis warnings should be cleaned up. Having a "top K warnings" feature would allow a team to make progress over time instead of simply sweeping the entire mess under the carpet and ignoring what is often very valuable information that predicts defect escapes to deployment.


For tools that emit many warnings, an approximation is to turn on warning flags one at a time over a period of months, and/or to run the tool only on a subset of modules. But a global "these are the 10 scariest warnings" feature would be nicer.
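As an added illustration (not from the original post, and not a feature of any particular tool), here is a small triage script that does the "top K" ranking and the "which flag to enable first" approximation described above over ordinary GCC/Clang-style compiler diagnostics. The risk weights per warning flag and the path-based multipliers are assumptions chosen for the example; a real deployment would tune them (or learn them) from the project's own defect history. The diagnostic lines fed to it are constructed sample data.

```python
"""Rank static-analysis warnings by estimated risk and report the top K.

Added example: parses GCC/Clang-style diagnostics of the form
    path:line:col: warning: message [-Wflag]
scores each unique warning, and returns the K scariest ones plus a
per-flag ranking useful for deciding which -W flags to enable first.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# GCC/Clang diagnostic format; the trailing [-Wflag] is optional.
DIAG_RE = re.compile(
    r"^(?P<path>[^:\s]+):(?P<line>\d+):(?P<col>\d+): warning: "
    r"(?P<msg>.*?)(?: \[(?P<flag>-W[\w=-]+)\])?$"
)

# ASSUMED risk weights per flag (higher = more likely to be an exploitable
# or field-failure defect). These are illustrative, not from any tool.
FLAG_RISK = {
    "-Wformat-security": 9,
    "-Warray-bounds": 8,
    "-Wstringop-overflow": 8,
    "-Wuninitialized": 7,
    "-Wreturn-type": 6,
    "-Wsign-compare": 4,
    "-Wimplicit-fallthrough": 3,
    "-Wunused-variable": 1,
}
DEFAULT_RISK = 2

# ASSUMED path multipliers: code that handles untrusted input is riskier,
# test code is not shipped. Substring match against the file path.
PATH_BOOST: List[Tuple[str, float]] = [("net/", 1.5), ("parse", 1.5), ("test/", 0.3)]


def parse_warnings(text: str) -> List[Dict]:
    """Extract warning records from compiler output; other lines are ignored."""
    out = []
    for raw in text.splitlines():
        m = DIAG_RE.match(raw.strip())
        if not m:
            continue  # notes, errors and 'In function' context lines
        out.append({
            "path": m.group("path"),
            "line": int(m.group("line")),
            "flag": m.group("flag") or "(none)",
            "msg": m.group("msg"),
        })
    return out


def risk_score(w: Dict) -> float:
    """Base weight for the flag, scaled by where in the tree the warning lives."""
    score = float(FLAG_RISK.get(w["flag"], DEFAULT_RISK))
    for needle, mult in PATH_BOOST:
        if needle in w["path"]:
            score *= mult
    return score


def top_k(warnings: List[Dict], k: int = 10) -> List[Dict]:
    """Deduplicate (same file/line/flag is often reported once per translation
    unit), score, and return the K highest-risk warnings, highest first."""
    unique: Dict[Tuple[str, int, str], Dict] = {}
    for w in warnings:
        key = (w["path"], w["line"], w["flag"])
        if key in unique:
            unique[key]["count"] += 1
        else:
            unique[key] = dict(w, score=risk_score(w), count=1)
    ranked = sorted(unique.values(), key=lambda w: (-w["score"], w["path"], w["line"]))
    return ranked[:k]


def flags_by_total_risk(warnings: List[Dict]) -> List[Tuple[str, float]]:
    """Sum risk per -W flag: the flag at the top is the one to enable first."""
    totals: Counter = Counter()
    for w in top_k(warnings, k=len(warnings)):
        totals[w["flag"]] += w["score"]
    return totals.most_common()


# Constructed sample compiler output (not from a real build).
SAMPLE_LOG = """\
src/net/packet.c:88:9: warning: format not a string literal and no format arguments [-Wformat-security]
src/net/packet.c:120:5: warning: 'buf' may be used uninitialized [-Wuninitialized]
src/util/str.c:41:3: warning: comparison of integer expressions of different signedness [-Wsign-compare]
src/parse/json.c:230:12: warning: array subscript 16 is above array bounds of 'char[16]' [-Warray-bounds]
src/main.c:15:9: warning: unused variable 'tmp' [-Wunused-variable]
test/net_test.c:12:5: warning: unused variable 'x' [-Wunused-variable]
src/net/packet.c:88:9: warning: format not a string literal and no format arguments [-Wformat-security]
src/ui/menu.c:77:1: warning: control reaches end of non-void function [-Wreturn-type]
note: this line is ignored by the parser
"""

if __name__ == "__main__":
    ws = parse_warnings(SAMPLE_LOG)
    for w in top_k(ws, k=3):
        print(f"{w['score']:5.1f}  x{w['count']}  {w['path']}:{w['line']}  {w['flag']}  {w['msg']}")
    print("enable first:", flags_by_total_risk(ws)[0][0])
```

Feeding it a real build log (`make 2>&1 | tee build.log`) gives a short, stable list that a team can work through one sprint at a time, while the per-flag totals tell you which `-W` option is worth turning on (and fixing to zero) next.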


Thoughts? Does some tool already do this?
