Reliability Analysis of Large Software Systems: Defect Data Modeling
IEEE Transactions on Software Engineering
The Detection of Fault-Prone Programs
IEEE Transactions on Software Engineering
A Practical View of Software Measurement and Implementation Experiences Within Motorola
IEEE Transactions on Software Engineering - Special issue on software measurement principles, techniques, and environments
Reliability of a commercial telecommunications system
ISSRE '96 Proceedings of the The Seventh International Symposium on Software Reliability Engineering
Why Information Security is Hard-An Economic Perspective
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
A market-based approach to software evolution
Proceedings of the 24th ACM SIGPLAN conference companion on Object oriented programming systems languages and applications
Hi-index | 0.00 |
Using a quantitative study of in-house coding practices, we demonstrate the notion that programming needs to move from "Lines of Code per day" as a productivity measure to a measure that takes debugging and documentation into account. This could be something such as "Lines of clean, simple, correct, well-documented code per day", but with bugs propagating into the 6th iteration of patches, a new paradigm needs to be developed. Finding flaws in software, whether these have a security related cost or not, is an essential component of software development. When these bugs result in security vulnerabilities, the importance of testing becomes even more critical. Many studies have been conducted using the practices of large software vendors as a basis, but few studies have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies to both demonstrate that there is an economic limit to how far testing should proceed as well as noting the deficiencies in the existing approaches.