The world has changed. What worked before, well, it's still working, but it's not enough. Things like code reviews and unit tests are still important and vital, but they can't provide the best quality and security level of C++ projects any more. Why is that?
The projects have grown significantly over the years. Many of them got hundreds of times as large. This happened gradually, and not everyone understands this yet. Any big old project comprises layers of code akin to geological strata, and what's important, nobody knows or remembers how all this works. It's time for tools and techniques which help to keep everything together: DevSecOps, static analysis, dynamic analysis, and quality control platforms.
Check out more of our talks at: