GrammaTech Helps Deliver High Quality, Safe, Secure Software and Ensure Customer Satisfaction.DOWNLOAD PDF
PETROLEUM ENGINEERING AND STRUCTURAL GEOLOGY SOFTWARE
Petroleum Experts (Petex) provides petroleum engineering and structural geology software tools that enable the oil and gas industry to dynamically model their oil reservoirs, production and injection wells, and surface pipeline networks as an integrated production system.
“With millions of lines of code comprising our software suites, CodeSonar saves us days of debugging time by pinpointing the root cause and dependencies of issues it finds across our integrated products we didn’t anticipate.”
Sr. Software Engineer
GrammaTech Helps Petroleum Experts Deliver High Quality, Safe, Secure Software and Ensure Customer Satisfaction.
“CodeSonar has become an essential component of our development process and increases our customer satisfaction,”– Robert Simpson, code development engineer at Petex.
Working with many of the largest oil and gas companies in the world, Petroleum Experts (Petex) delivers innovative petroleum engineering and structural geology software. Petex customers rely on its IPM, DOF, and MOVE software suites to achieve technical efficiency, optimize processes and maximize bottom-line production gains.
For Petex customers, its software is mission-critical to their operations. The IPM (Integrated Production Modeling) suite models complete oil or gas production systems including reservoirs, wells, and surface networks. The DOF (Digital Oil Field) suite replicates the behavior of an oil or gas field using workflows for automation and clusters to speed up calculations. And, the MOVE suite (now part of IPM) provides a fully digital environment for best-practice structural modeling to reduce risk and uncertainty in geological models.
To meet the needs of its customers, Petex must deliver quality and secure software that functions as promised and minimize defects that could potentially disrupt customer operations or impact the security of billions of dollars of customer assets. Because customer assets are so valuable, security is now even more important than ever and is being driven by customer requests to ensure the Petex software is secure.
As Robert Simpson, code development engineer at Petex, stated, “Our models have to work for our customers.” The challenge for Simpson and the development team is that the three software suites all need to work together on a foundation built on a legacy code base. “As we develop new features and functionality, testing becomes essential to make sure that new code works as expected and does not impact the security of the software before being delivered to customers,” added Simpson This is why Petex needed to integrate static analysis testing into its development cycles.
With a growing code base driven by customer requests and bigger features, Petex chose CodeSonar from GrammaTech as its static application security testing solution of choice to support a team of 20+ developers. When Petex first implemented CodeSonar, it ran a full sweep of its core C, C++, and C# code base. While the results produced thousands of warnings, the development team was able to quickly gain insight into these warnings and prioritize the issues that could cause critical crashes or security issues.
What stood out in this initial CodeSonar analysis was the ‘cut and paste’ and null pointer dereference issues that were found. CodeSonar gave us the ability to filter all of the warnings, prioritize those specific issues, and fix them,” said Simpson. Prior to the integration of the MOVE suite into the Petex IPM suite, MOVE utilized the CppCheck software to provide some overnight build and limited static analysis. When integrating MOVE into IPM, Petex decided to perform a detailed evaluation of MOVE using CodeSonar. Ultimately, Petex realized additional cost and time-saving benefits with the CodeSonar results when applying the new technology to its large existing code base.
Today, CodeSonar is integrated into Petex’s development process. As Simpson describes, “Our development environment is formalized on Jenkins CI/CD pipeline, Jira for testing and we’ve wrapped CodeSonar around Visual Studio. This allows us to run CodeSonar scans on incremental builds to analyze all new code changes.” By making results available to all developers in the CodeSonar web portal, the team is able to learn more about the warnings, how to efficiently fix them as they are found, and continually improve coding practices from the results.
Where CodeSonar is providing significant value to the Petex development team is its ability to continuously identify unforeseen errors in every build analysis. Beyond Visual Studio and compiling errors, CodeSonar analysis results provide deep insights into how the code is actually going to behave before going into production environments. “With millions of lines of code comprising our software suites, CodeSonar saves us days of debugging time by pinpointing the root cause and dependencies of issues it finds across our integrated products we didn’t anticipate,” stated Simpson.
For many of our multinational customers, security is essential, not only for the IT systems running the software but increasingly for the software itself. As a software vendor, Petex must accept stricter acceptance criteria for deployment into such systems, and adopting a best-in-class SAST product like CodeSonar alongside associated best practices as part of our development cycle was a must. “Strategically, we must adopt such measures to provide confidence to our customers that we take this as seriously as they do and ensure that at the point of contract negotiation or tender submission, we fulfill and tick all the security boxes,” explained Simpson.
As a customer-centric company, Petex is committed to delivering quality and secure software. The company interacts very closely with its customers to create new features and ensure its software is consistently meeting their critical requirements. “CodeSonar has become an essential component of our development process and increases our customer satisfaction,” said Simpson “Testing is now much quicker as we are able to catch and fix issues earlier in development, accelerate release schedules, and continuously improve the quality and security of our software suites.”