Software Quality
1 Collected Opinions
- Hoare on Software Quality, Software – Practice and Experience,
103-105, 1972. [Local copy ../Overview/hoare-quality-1972.pdf] An
editorial by C. A. R. Hoare, Turing Award winner. Required
Reading.
- A Few Opinions of Professor Hehner. Required Reading. Retired
professor, University of Toronto. Author of the free book at
http://www.cs.toronto.edu/~hehner/aPToP/. The course
Formal Methods of Software Design, based on the book, is available
online for free. It includes lectures and transcripts.
- Bill Gates at the RSA Conference, 2005: "64% of developers are not
confident in their ability to write secure applications."
- "We wouldn't have to spend so much time and effort on network
security if we didn't have such bad software security." – Bruce
Schneier, author of "Applied Cryptography", and "Secrets & Lies:
Digital Security in a Networked World".
2 Current Software Quality
- "Malicious hackers don't create security holes; they simply
exploit them. Security holes and vulnerabilities – the real root
cause of the problem – are the result of bad software design and
implementation." – John Viega & Gary McGraw, authors of
Building Secure Software, 2001.
- "Have you ever written a program section with a security hole?
How did you know?" – Mark G. Graff & Kenneth R. van Wyk, authors of
"Secure Coding: Principles and Practices"
- "There is no software liability – no incentive for secure software.
Most developers never learned to produce secure code. Secure code
often takes a performance hit – i.e., the software runs about 1/3
slower – something many users don't want to tolerate. Writing
secure code also takes a lot more time – hence, development costs
are higher than usual. Consequently, the longer development times
and the longer running times discourage developers from writing
secure code."
- Opinion: www.gnu.org/philosophy/shouldbefree.html
- "Featurism", Performance: Overriding concern, Correctness: some
concern, Security: ??, Privacy: ??
- Secure software development aims to keep software from crashing,
hanging, or misbehaving – any concern??
- ACK: Collected from cs.hiram.edu/~obie/cpsc35200/slides/ProgSec1.ppt
Copyright © 2016 •
www.wright.edu/~pmateti 2016-04-28