
Code analysis & inspection

CRAP or CRAPpier?

code analysis & inspection

If you've been following the testingReflections feed then you would have noticed announcements about CRAP4J.

CRAP is a metric recently devised to help developers obtain feedback about certain elements of code quality.

How to misuse code coverage [PDF]

code analysis & inspection
Code coverage tools measure how thoroughly tests exercise programs. I believe they are misused more often than they're used well. This paper describes common misuses in detail, then argues for a particular cautious approach to the use of coverage.

Author: Brian Marick, Testing Foundations
Published: 1997

(via Joseph Heck)

CAP: Code Analysis Plugin for Eclipse

code analysis & inspection
CAP is a plugin for the Eclipse platform to analyse the dependencies of your Java project. It opens into its own perspective and displays the results in a clear way using different diagrams. CAP helps to improve encapsulation by highlighting the weaknesses in Design Quality Metrics architecture. JDepend follows the same idea.

A Taxonomy for Bad Code Smells

code analysis & inspection | refactoring
This taxonomy aims to provide a better understanding of Code Smells and to recognize the relationships between smells. The five types of smells are Bloaters, Object-Orientation Abusers, Change Preventers, Dispensables and Couplers; they indicate that a Refactoring session may be in order.

Author: Mika Mäntylä
Published: 2004

(via Udi Dahan)

Source code analysis breaks new ground

code analysis & inspection
Large-scale software systems are staggeringly complex works of engineering. Bugs inevitably come with the territory and for decades, the software profession has looked for ways to fight them. We may not see perfect source code in our lifetime, but we are seeing much better analysis tools and promising new approaches to remedy the problem.

Author: Jon Udell
Published: InfoWorld, Oc

Static Analysis for Security [PDF]

code analysis & inspection
All software projects are guaranteed to have one artifact in common: source code. Together with architectural risk analysis, code review for security ranks very high on the list of software security best practices. Here, we’ll look at how to automate source-code security analysis with static analysis tools.

Authors: Brian Chess, Gary McGraw
Published: IEEE Computer Society, 2004