Metrics & Verifying Software
Paul E. Black
National Institute of Standards and Technology
http://www.nist.gov/
paul.black@nist.gov
Candidate Software
• Secure SCADA Reference Implementation
  • Supervisory Control And Data Acquisition systems measure and control infrastructure for electricity, oil, gas, water, etc.
  • Rigorously specified and thoroughly tested
• Medical Infusion Pump
  • Many models from many universities, etc.
  • An archetype of FDA approval process
• Open source software: Apache, Linux, etc.
  • Change revision history available
Reminders
• Be willing to set aside your favorite method, tool, approach, …
  • “To a man with a hammer, every problem looks like a nail.”
  • Parable of the street light
• This will take lots of good, hard work
  • Generally applicable tools take 3x longer
  • Integrated tools take 3x longer again
  • Brooks, “Mythical Man Month”
• Little of this is considered publishable
Useful Metrics
• A measure is an objective attribute
• A metric is higher-level or more subjective
• Measures are bases for metrics: faults/LOC approximates quality
• Careful version tracking is essential
• Reports (problems or certificates) should be traceable to particular entities (specifications, version, module, …)
Society has 3 options:
• Learn how to make software that works
• Limit size or authority of software
• Accept failing software