Abstract
Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from "Lines of Code per day" as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as "Lines of clean, simple, correct, well-documented code per day", but with bugs propagating into the 6th iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether these have a security-related cost or not, is an essential component of software development. When these bugs result in security vulnerabilities, the importance of testing becomes even more critical. Many studies have been conducted using the practices of large software vendors as a basis, but few studies have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies both to demonstrate that there is an economic limit to how far testing should proceed and to note the deficiencies in the existing approaches.
Original language | English |
---|---|
Title of host publication | Computational Intelligence in Security for Information Systems |
Subtitle of host publication | Proceedings of the 4th International Conference, CISIS 2011 |
Editors | Álvaro Herrero, Emilio Corchado |
Place of Publication | Germany |
Publisher | Springer |
Pages | 199-206 |
Number of pages | 8 |
Volume | 6694 |
ISBN (Electronic) | 9783642213236 |
ISBN (Print) | 9783642213229 |
Publication status | Published - 2011 |
Event | 4th International Conference on Computational Intelligence in Security for Information Systems: CISIS 2011 - Hotel Melia Costa del Sol, Torremolinos, Málaga, Spain. Duration: 08 Jun 2011 → 10 Jun 2011. http://www.springer.com/gp/book/9783642213229 (Conference proceedings), https://web.archive.org/web/20110720145129/http://gicap.ubu.es/cisis2011/home/home.shtml (Conference website) |
Publication series
Name | Security and Cryptology |
---|---|
Publisher | Springer |
ISSN (Print) | 0302-9743 |
Conference
Conference | 4th International Conference on Computational Intelligence in Security for Information Systems |
---|---|
Country/Territory | Spain |
City | Torremolinos, Málaga |
Period | 08/06/11 → 10/06/11 |
Other | CISIS aims to offer a meeting opportunity for academic and industry-related researchers belonging to the various, vast communities of Computational Intelligence, Information Security, and Data Mining. The need for intelligent, flexible behaviour by large, complex systems, especially in mission-critical domains, is intended to be the catalyst and the aggregation stimulus for the overall event. |