Metrics & Verifying Software

1. Metrics & Verifying Software Paul E. Black National Institute of Standards and Technology http://www.nist.gov/ paul.black@nist.gov

2. Candidate Software • Secure SCADA Reference Implementation • Supervisory Control And Data Acquisition systems measure and control infrastructure for electricity, oil, gas, water, etc. • Rigorously specified and thoroughly tested • Medical Infusion Pump • Many models from many universities, etc. • An archetype of FDA approval process • Open source software: Apache, Linux, etc. • Change revision history available Paul E. Black

3. Reminders • Be willing to set aside your favorite method, tool, approach, … • “To a man with a hammer, every problem looks like a nail.” • Parable of the street light • This will take lots of good, hard work • Generally applicable tools take 3x longer • Integrated tools take 3x longer again • Brooks, “Mythical Man Month” • Little of this is considered publishable Paul E. Black

4. Useful Metrics • A measure is an objective attribute • A metric is higher-level or more subjective • Measures are bases for metrics: faults/LOC approximates quality • Careful version tracking is essential • Reports (problems or certificates) should be traceable to particular entities (specifications, version, module, …) Paul E. Black

5. Society has 3 options: • Learn how to make software that works • Limit size or authority of software • Accept failing software Paul E. Black