Wednesday, October 19, 2005

Fostering Software Robustness in an increasingly Hostile World

I'm attending a very interesting session - "Fostering Software Robustness in an increasingly Hostile World" - here at OOPSLA in San Diego.

The focus, of course, is on quality, and getting the number of bugs down in mission-critical applications. According to one person, the number of hacker attacks grows at an annualized rate of 20%. At the same time, 35% of these attacks are indeed hostile in some manner or other - meaning that someone is out to exploit software bugs to steal information, commit credit card fraud, etc, etc.

Also quoted of course was the fact that 60% of bugs trace back to bad requirements. No, I didn't interrupt and yell "CaliberRM", "StarTeam", "Together", "SDO", etc, but I will of course talk about that later with people. :)

A common number of 6-7 bugs per 1,000 lines of code was mentioned as well. This becomes 6,000 bugs if you have a medium application of 1 million lines of code. If only 1% of these bugs are security risks, we still have an alarming rate of 60 security issues per million lines of code. If you haven't thought about this before, you should immediately turn on automatic updates in Windows. It's a good thing!

Steven Fraser (impresario) asked how many people used any kind of online banking. As expected, well over half do. Then he asked how many people would be worried if it didn't work as expected one day. I think all hands came back up again.

And here I am enjoying a great panel, while being connected on an insecure wireless system. Yes, I am using my VPN software, but how secure is my data really? How do I know for sure that no one is looking at my stuff while I'm here? I don't. All I can hope is that the people whose software I use are making sure that quality is as high as it can possibly be, and that they work relentlessly to make it better and better.

Oh, and BTW, how sure am I that my data is safe with anyone else, such as my banking details with my bank, my medical records with my insurance company, etc, etc?

Added 5 minutes later: I just got an IP conflict alert from Windows... On the WiFi network? Or on my VPN? No clue...
