A Quantitative Analysis into the Economics of Correcting Software Bugs

Craig Wright, Tanveer Zia

Research output: Book chapter / Published conference paper (Conference paper)

2 Citations (Scopus)
6 Downloads (Pure)

Abstract

Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from "Lines of Code per day" as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as "Lines of clean, simple, correct, well-documented code per day", but with bugs propagating into the 6th iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether these have a security related cost or not, is an essential component of software development. When these bugs result in security vulnerabilities, the importance of testing becomes even more critical. Many studies have been conducted using the practices of large software vendors as a basis, but few studies have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies to both demonstrate that there is an economic limit to how far testing should proceed as well as noting the deficiencies in the existing approaches.
Original language: English
Title of host publication: Computational Intelligence in Security for Information Systems
Subtitle of host publication: Proceedings of the 4th International Conference, CISIS 2011
Editors: Álvaro Herrero, Emilio Corchado
Place of Publication: Germany
Publisher: Springer
Pages: 198-205
Number of pages: 8
Volume: 6694
ISBN (Electronic): 9783642213236
ISBN (Print): 9783642213229
DOIs: https://doi.org/10.1007/978-3-642-21323-6
Publication status: Published - 2011
Event: 4th International Conference on Computational Intelligence in Security for Information Systems: CISIS 2011 - Hotel Melia Costa del Sol, Torremolinos, Málaga, Spain
Duration: 08 Jun 2011 to 10 Jun 2011
http://www.springer.com/gp/book/9783642213229 (Conference proceedings)
https://web.archive.org/web/20110720145129/http://gicap.ubu.es/cisis2011/home/home.shtml (Conference website)

Publication series

Name: Security and Cryptology
Publisher: Springer
ISSN (Print): 0302-9743

Conference

Conference: 4th International Conference on Computational Intelligence in Security for Information Systems
Country: Spain
City: Torremolinos, Málaga
Period: 08/06/11 to 10/06/11
Other: CISIS aims to offer a meeting opportunity for academic and industry-related researchers belonging to the various, vast communities of Computational Intelligence, Information Security, and Data Mining. The need for intelligent, flexible behaviour by large, complex systems, especially in mission-critical domains, is intended to be the catalyst and the aggregation stimulus for the overall event.

Fingerprint

Economics
Testing
Chemical analysis
Software engineering
Productivity
Defects
Costs
Industry

Cite this

Wright, C., & Zia, T. (2011). A Quantitative Analysis into the Economics of Correcting Software Bugs. In Á. Herrero, & E. Corchado (Eds.), Computational Intelligence in Security for Information Systems: Proceedings of the 4th International Conference, CISIS 2011 (Vol. 6694, pp. 198-205). (Security and Cryptology). Germany: Springer. https://doi.org/10.1007/978-3-642-21323-6
Wright, Craig ; Zia, Tanveer. / A Quantitative Analysis into the Economics of Correcting Software Bugs. Computational Intelligence in Security for Information Systems: Proceedings of the 4th International Conference, CISIS 2011. editor / Álvaro Herrero ; Emilio Corchado. Vol. 6694 Germany : Springer, 2011. pp. 198-205 (Security and Cryptology).
@inproceedings{3f6d64afc3ab456fb7a9b7920a34eb74,
title = "A Quantitative Analysis into the Economics of Correcting Software Bugs",
abstract = "Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from {"}Lines of Code per day{"} as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as {"}Lines of clean, simple, correct, well-documented code per day{"}, but with bugs propagating into the 6th iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether these have a security related cost or not, is an essential component of software development. When these bugs result in security vulnerabilities, the importance of testing becomes even more critical. Many studies have been conducted using the practices of large software vendors as a basis, but few studies have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies to both demonstrate that there is an economic limit to how far testing should proceed as well as noting the deficiencies in the existing approaches.",
keywords = "Empirical studies, Model Checking, Software Development Life Cycle, Software Verification",
author = "Craig Wright and Tanveer Zia",
note = "Imported on 03 May 2017 - DigiTool details were: publisher = Germany: Springer, 2011. editor/s (773b) = Herrero, {\'A}lvaro and Corchado, Emilio; Event dates (773o) = 8-10 June 2011; Parent title (773t) = Computational Intelligence in Security for Information Systems. ISSNs: 0302-9743;",
year = "2011",
doi = "10.1007/978-3-642-21323-6",
language = "English",
isbn = "9783642213229",
volume = "6694",
series = "Security and Cryptology",
publisher = "Springer",
pages = "198--205",
editor = "{\'A}lvaro Herrero and Emilio Corchado",
booktitle = "Computational Intelligence in Security for Information Systems",
address = "United States",
}

Wright, C & Zia, T 2011, A Quantitative Analysis into the Economics of Correcting Software Bugs. in Á Herrero & E Corchado (eds), Computational Intelligence in Security for Information Systems: Proceedings of the 4th International Conference, CISIS 2011. vol. 6694, Security and Cryptology, Springer, Germany, pp. 198-205, 4th International Conference on Computational Intelligence in Security for Information Systems, Torremolinos, Málaga, Spain, 08/06/11. https://doi.org/10.1007/978-3-642-21323-6

A Quantitative Analysis into the Economics of Correcting Software Bugs. / Wright, Craig; Zia, Tanveer.

Computational Intelligence in Security for Information Systems: Proceedings of the 4th International Conference, CISIS 2011. ed. / Álvaro Herrero; Emilio Corchado. Vol. 6694 Germany : Springer, 2011. p. 198-205 (Security and Cryptology).

Research output: Book chapter / Published conference paper (Conference paper)

TY - GEN

T1 - A Quantitative Analysis into the Economics of Correcting Software Bugs

AU - Wright, Craig

AU - Zia, Tanveer

N1 - Imported on 03 May 2017 - DigiTool details were: publisher = Germany: Springer, 2011. editor/s (773b) = Herrero, Álvaro and Corchado, Emilio; Event dates (773o) = 8-10 June 2011; Parent title (773t) = Computational Intelligence in Security for Information Systems. ISSNs: 0302-9743;

PY - 2011

Y1 - 2011

N2 - Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from "Lines of Code per day" as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as "Lines of clean, simple, correct, well-documented code per day", but with bugs propagating into the 6th iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether these have a security related cost or not, is an essential component of software development. When these bugs result in security vulnerabilities, the importance of testing becomes even more critical. Many studies have been conducted using the practices of large software vendors as a basis, but few studies have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies to both demonstrate that there is an economic limit to how far testing should proceed as well as noting the deficiencies in the existing approaches.

AB - Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from "Lines of Code per day" as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as "Lines of clean, simple, correct, well-documented code per day", but with bugs propagating into the 6th iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether these have a security related cost or not, is an essential component of software development. When these bugs result in security vulnerabilities, the importance of testing becomes even more critical. Many studies have been conducted using the practices of large software vendors as a basis, but few studies have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies to both demonstrate that there is an economic limit to how far testing should proceed as well as noting the deficiencies in the existing approaches.

KW - Empirical studies

KW - Model Checking

KW - Software Development Life Cycle

KW - Software Verification

U2 - 10.1007/978-3-642-21323-6

DO - 10.1007/978-3-642-21323-6

M3 - Conference paper

SN - 9783642213229

VL - 6694

T3 - Security and Cryptology

SP - 198

EP - 205

BT - Computational Intelligence in Security for Information Systems

A2 - Herrero, Álvaro

A2 - Corchado, Emilio

PB - Springer

CY - Germany

ER -

Wright C, Zia T. A Quantitative Analysis into the Economics of Correcting Software Bugs. In Herrero Á, Corchado E, editors, Computational Intelligence in Security for Information Systems: Proceedings of the 4th International Conference, CISIS 2011. Vol. 6694. Germany: Springer. 2011. p. 198-205. (Security and Cryptology). https://doi.org/10.1007/978-3-642-21323-6