Semmle demo/presentation

[joshbw]

I was a little slow to get this going, but having chatted with Semmle yesterday they are happy to give a demo of their product, walk through how it works and how their queries to find issues are created (with much more in depth workshop on creating queries at some point in the future if Node.js decides to use it), and start the discussion of how Node might use Semmle if we decide to do so (i.e. what licensing looks like for our usage, so that I can then negotiate with them to acquire it for Node)

So two questions:

1. What date would work well for folks to set up a hangout to demo the tool
2. Who outside of the security WG should we also invite (Semmle has far more utility than just finding security bugs - it basically creates a queriably data representation of a code base and provides a query language to ask complex [or simple - but grep can also ask simple] questions about that code. Security lends itself well to that, but so does performance, reliability, etc.)? I'd think it would be of interest to senior developers/architects/quality folks on top of us security minded people.

[vdeturckheim]

@joshgav do you want to have that on the agenda on next meeting on Thursday? (#52 )

[sam-github]

@joshbw, how long will the demo take? If we can do it in a WG meeting, just add it to a WG meeting agenda. If its too long for that, just propose a time and place here, and ask who can make it. Pinging at-nodejs/collaborators would be a way to invite others.

[vdeturckheim]

@joshbw any news on that?