A Quantitative Analysis into the Economics of Correcting Software Bugs

Conference paper, in: Computational Intelligence in Security for Information Systems

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6694)

Abstract

Using a quantitative study of in-house coding practices, we argue that programming needs to move from “Lines of Code per day” as a productivity measure to one that takes debugging and documentation into account. This could be something such as “Lines of clean, simple, correct, well-documented code per day”, but with bugs propagating into the sixth iteration of patches, a new paradigm is needed. Finding flaws in software, whether or not they carry a security-related cost, is an essential component of software development; when these bugs result in security vulnerabilities, testing becomes even more critical. Many studies have been based on the practices of large software vendors, but few have looked at in-house development practices. This paper uses an empirical study of in-house software coding practices in Australian companies both to demonstrate that there is an economic limit to how far testing should proceed and to note the deficiencies in the existing approaches.
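The abstract's central claim, that testing has an economic stopping point, can be illustrated with a simple cost model. The following is an added example and is not the paper's own model or data: it assumes a constructed exponential defect-discovery curve (an initial defect count N0 found at rate B per hour of testing), a constructed cost per test hour, and a constructed expected cost per defect that escapes to production. Under those assumptions the optimal amount of testing is where the marginal cost of another hour equals the marginal expected field cost it avoids, which the code computes in closed form and confirms numerically.

```python
import math

# Constructed parameters (assumptions for this example, not figures from the paper).
N0 = 120.0        # estimated defects present before testing starts
B = 0.015         # fraction of remaining defects found per test hour
C_TEST = 80.0     # cost of one hour of testing
C_FIELD = 2500.0  # expected cost of one defect that reaches production


def expected_residual_defects(t_hours, n0=N0, b=B):
    """Defects still present after t_hours of testing (exponential discovery curve)."""
    return n0 * math.exp(-b * t_hours)


def total_cost(t_hours, n0=N0, b=B, c_test=C_TEST, c_field=C_FIELD):
    """Testing spend plus expected cost of the defects that escape."""
    return c_test * t_hours + c_field * expected_residual_defects(t_hours, n0, b)


def marginal_benefit(t_hours, n0=N0, b=B, c_field=C_FIELD):
    """Expected field cost avoided by the next hour of testing at time t."""
    return c_field * n0 * b * math.exp(-b * t_hours)


def optimal_test_hours(n0=N0, b=B, c_test=C_TEST, c_field=C_FIELD):
    """Hours at which marginal benefit equals marginal cost: c_test = c_field*n0*b*exp(-b*t).

    If even the first hour is not worth its cost, the optimum is zero testing.
    """
    ratio = c_field * n0 * b / c_test
    if ratio <= 1.0:
        return 0.0
    return math.log(ratio) / b


def grid_optimum(step_hours=1.0, max_hours=2000.0, **kw):
    """Brute-force check of the closed form: cheapest point on a grid of test durations."""
    best_t, best_cost = 0.0, total_cost(0.0, **kw)
    t = step_hours
    while t <= max_hours:
        c = total_cost(t, **kw)
        if c < best_cost:
            best_t, best_cost = t, c
        t += step_hours
    return best_t


if __name__ == "__main__":
    t_star = optimal_test_hours()
    print(f"optimal testing: {t_star:.1f} h, residual defects {expected_residual_defects(t_star):.2f}")
    for t in (10, 100, t_star, 500):
        print(f"t={t:6.1f}h  marginal benefit/h={marginal_benefit(t):8.2f}  total cost={total_cost(t):10.2f}")
    print("grid check:", grid_optimum())
```

At the optimum the expected residual defect count is c_test / (c_field * b), independent of N0: once the next hour of testing is expected to avoid less field cost than it costs to run, further testing is a net loss even though defects remain. This is the "economic limit" in miniature; the paper's empirical study supplies the real-world shape of the discovery and cost curves that these constructed constants stand in for.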


Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wright, C.S., Zia, T.A. (2011). A Quantitative Analysis into the Economics of Correcting Software Bugs. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_25

  • DOI: https://doi.org/10.1007/978-3-642-21323-6_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21322-9

  • Online ISBN: 978-3-642-21323-6

  • eBook Packages: Computer Science (R0)
