Shift-left testing is the practice of testing early in the software development life cycle (SDLC). Testing too late or too infrequently makes bugs harder to track down, and late testing requires more time to confirm that a code change has no other unintended consequences. Testing should be performed early and often, so that software patches stay small and safe.
In software development there are many forms and levels of black-box software testing, such as unit, conformance, interoperability, stress, fuzz, and regression testing. Several white-box testing methods can move testing left in the SDLC. Coding standard checks help identify potential coding errors and vulnerabilities. As discussed in Introduction to MISRA C, adherence to a coding standard is important for C code bases because of the language's platform-dependent, unspecified, and undefined behaviors. Of course, compliance with a standard does not guarantee secure code. Static analysis security testing (SAST) is a supplemental white-box testing method: at compile time, SAST tools analyze the source code at a deeper level. These tools incorporate the Common Weakness Enumeration (CWE) list to find coding issues such as out-of-bounds reads and writes, resource leaks, and structurally or logically dead code. Performing these white-box testing procedures first reduces the time required for bug tracking during black-box testing.
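As an added example (constructed for this page, not VOCAL's code), the C snippet below shows two of the defect classes named above, an unbounded copy into a fixed buffer and an allocation leaked on an early return, beside a bounded version with a small unit check that runs at development time rather than late in the cycle. The names FIELD_MAX, load_field_unchecked, load_field and self_test are assumptions.

```c
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 16   /* assumed field size for this example */

/* "Before": the kind of code a SAST run flags against CWE entries.
 * Shown for contrast only; the self-test below never calls it. */
int load_field_unchecked(const char *src, char **out)
{
    char tmp[FIELD_MAX];
    char *copy = malloc(FIELD_MAX);
    if (copy == NULL)
        return -1;
    strcpy(tmp, src);            /* unbounded copy: out-of-bounds write */
    if (tmp[0] == '\0')
        return -1;               /* early return leaks 'copy' */
    memcpy(copy, tmp, FIELD_MAX);
    *out = copy;
    return 0;
}

/* "After": the length is bounded before any copy, and each exit
 * path frees what it owns. Returns 0 on success, -1 on rejection. */
int load_field(const char *src, char **out)
{
    size_t len = 0;
    while (len < FIELD_MAX && src[len] != '\0')
        len++;
    if (len == 0 || len >= FIELD_MAX)
        return -1;               /* empty, or no room for the NUL */
    char *copy = malloc(FIELD_MAX);
    if (copy == NULL)
        return -1;
    memcpy(copy, src, len + 1);  /* len + 1 includes the terminator */
    *out = copy;
    return 0;
}

/* Unit check kept next to the code so the rejection paths are
 * exercised early (shift-left). Returns 1 when all cases pass. */
int self_test(void)
{
    char *f = NULL;
    char longinput[FIELD_MAX + 8];          /* constructed oversized input */
    memset(longinput, 'A', sizeof longinput - 1);
    longinput[sizeof longinput - 1] = '\0';
    if (load_field("", &f) != -1) return 0;
    if (load_field(longinput, &f) != -1) return 0;
    if (load_field("version=2", &f) != 0) return 0;
    int ok = strcmp(f, "version=2") == 0;
    free(f);
    return ok;
}
```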
VOCAL’s code base is fundamentally written in C, and its coding practices implement shift-left testing to ensure secure and reliable software.