When I started my career, the attention was still on hardware quality. Machines with redundant hardware were the rage and VERY expensive. However, realization soon dawned. Analysis from the researchers pointed out that the incidents and costs from software failure were higher – turning the paradigm on its head.
Little has changed since then – software continues to have quality issues with resulting impacts on productivity, accuracy and even reputation. What has changed are the issues.
Historically, issues were with stability; software would crash or freeze at the most inopportune times. Today, thankfully, this is not the case. Even a version 1.0 software rarely shows this kind of behaviour [barring cases where the client or end-user is being used as a beta tester!]. This is true of consumer, third party and internal software.
Issues today are different. They tend to have to do with functionality, usability, resource usage [especially on mobile platforms] and, IMHO, the biggest humbug today – security.
Functionality and usability are two issues which can be solved by getting closer to the end-client. What do they really want, and how do they use the software? However, this is not something that seems to be coming easy to our teams, especially for internal software, though commercial software is not averse to showing this trend. In addition, reliability in the functionality is also suspect. These issues are often caused by bad coding, which is avoidable. The vision of IV&V [Independent Validation & Verification] has not really achieved everything it set out to do – practitioners still need to work out the chinks.
The security issue seems to be a whole different ballgame. While this may also be caused by bad coding, work done at design time does not seem to be enough to ensure security. Given enough time and the multiple tools at their disposal, hackers, it seems, can figure out a way to identify and exploit weaknesses. The only way to stop this from happening seems to be at run-time.
This is not a new solution. Academia has been conducting research in the fields of self-healing and self-defending software for some time. However, there has been no framework or usable toolset coming out of this research, which seems to have been running for longer than a decade. In trying to find data among recent articles, I was only able to find two: a partial implementation by IBM Israel and an April Fool’s joke.
To me, this is a sad state of affairs given the potentially beneficial implications. This is not an easy problem to solve, but neither were the problems this industry has solved over the past decade. With the resources available and the potential for this market, the lack of visible effort in this area is surprising. The question I want to ask is “wherefore art thou open source…”
If there is work that is ongoing that I have not been able to find, please do enlighten me!