How Not to Choke on a Big Old Project

Discover effective strategies for managing large-scale C++ projects in this 47-minute conference talk by Yuri Minaev at NDC Conferences. Explore the challenges posed by the exponential growth of codebases and learn why traditional methods like code reviews and unit tests are no longer sufficient for ensuring optimal quality and security. Delve into the complexities of legacy code layers and the importance of modern tools and techniques such as DevSecOps, static and dynamic analysis, and quality control platforms. Gain insights on bug hunting, security considerations, and the integration of DevOps with security practices. Examine the benefits of static and dynamic analysis, learn how to conduct faster code reviews, and understand the value of tools like SonarQube. Address critical issues such as GPL compliance and summarize key takeaways for successfully navigating and maintaining large C++ projects in today's evolving development landscape.

Intro
About me
Some statistics
Legacy
What it looks like
Proven methods
Wait... what?
Hunting of the Bug
Where it leads
True story
What to do?
On security
DevOps + Security
Dynamic analysis
It's about movement
Static analysis
Code review done fast
Static vs Dynamic
SonarQube - why use it?
First run
Why and what to do
Extreme
GPL virus
Let's summarise