[SystemSafety] Static Analysis

Les Chambers les at chambers.com.au
Mon Mar 3 07:13:25 CET 2014


Derek

RE: your comment
"... there are advantages to rolling out partially working systems.  You get
to learn a lot. ..."
"... I don't think we should dismiss the suck it and see approach.  It does
have some advantages. ..."

In the context of the types of applications that people on this list have to
deal with on a day-to-day basis I have to quote Tom Miller (US chief of
operations in Iraq 2004):
"If I'd had that idea, I'da gone outside, and sat under a shady tree
somewhere till it passed. Then I'da come back in."
(Quoted in: Running the War in Iraq, Jim Molan)

Safety-related applications can't be sucked and seen. That's how you kill
people.
Imagine launching a stand-off missile from a strike jet, the software
engineer pushes the button and then, reflecting, shouts "Hey, come back,
I've just thought of a great new feature that the enemy will love."

Engineers don't suck and see. This is what differentiates us from hackers
and so-called craftsmen. Healthcare.gov inconvenienced 14 million Americans
and required the president of the United States to apologise over national
television. This didn't have to be. There exists plenty of technology to
simulate the operation of very large systems. All it takes is the will to
spend the money to do the simulations and/or set up the test rigs. In
Dresden, Airbus Industries has a wing testing facility. They spent
approximately $200 million building it and have been flexing an A380 wing
for over four years, proving that it will survive at least three times its
design life. That's what I call sucking and seeing. Why? Because a wing just
can't fall off a plane. Gees, that would make it unfit for purpose. That's
pretty clear to everyone.
Now, if you're a Facebook developer, that's different. Their motto is "move
fast and break things." This is pop culture. They are not serious people. 

Cheers
Les


-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Derek M Jones
Sent: Friday, February 28, 2014 12:36 PM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Static Analysis

Les,

> You seem to be suggesting that one should let truth stand in the way of a
> good story!

Not to mention the bare-knuckle political fighting going on over
this implementation.

> Let me speak plainly. The point of my weeping is: the archetypal behaviour
> we are witnessing here. In common with the safety critical domain, the
> computer security domain is redolent with good process, cornucopia of

I don't have reliable information on the security issues.
But let's look at this project as an implementation problem.

Like people on this list my background involves producing
software (compilers+related tools) that cannot be shipped to customers
until they work as advertised.  Over the last few years I
have become a convert to being more flexible for some kinds of
implementation.

If you have to implement a system quickly, where there is lots of
uncertainty about what needs to be done and how to do it, there
are advantages to rolling out partially working systems.  You get
to learn a lot.

Yes, partially working systems+lots of faults cause grief and have
a financial cost.  Every application domain has its level of livable
collateral damage.

Would the design it first and do it 'properly' (whatever that might be)
approach have gotten a collection of working Obamacare systems up on
time (one in each state)?  We will never know.

I don't think we should dismiss the suck it and see approach.  It does
have some advantages.

Do I think the Obamacare implementors explicitly took this approach?
If they did they had better keep it secret.  Suck it and see is all
very well in an internet startup, but not an approach politicians
are likely to agree to using on an important project.

> excellent white papers, technical literature, war stories and battalions of
> experts.
> But the people at the coalface doing the work aren't listening!
> Les
>
>
> -----Original Message-----
> From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
> Derek M Jones
> Sent: Friday, February 28, 2014 11:00 AM
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: Re: [SystemSafety] Static Analysis
>
> Les,
>
>> a testimony to a US Congress oversight committee on security
>> vulnerabilities
>> in the Obamacare system: healthcare.gov.  It makes you weep.
>
> Weep because it contains so much nonsense that people might
> take seriously?
>
> 500 million lines of code?
>
> Ok, so they added up the source of Linux say 50 Million,
> Microsoft Windows was 40 Million last time I heard but let's
> say another 50 Million.
>
> Then there are all the BSD variants, but they are not large,
> say 20 Million all in.  They probably have some Solaris,
> Oracle (no idea how much code is in that), plus all the
> IBM stuff.  Let's say another 150 Million.
>
> Well that gets us half way to 500 Million
>
>> Crowd Sourced Investigations LLC, Testimony of Morgan Wright, CEO, Before
>> the House Committee on Science, Space, and Technology,
>
> "We are a no-cost resource for federal, state and local
> law enforcement that uses the power of social media and crowdsourcing to
> solve
> crime, return the missing and protect our children."
>
> I'm sure they are very good at this.  They need to take a few
> classes before saying anything too technical about software.
>
>>
>> http://www.projectauditors.com/Papers/Troubled_Projects/HHRG-113-SY-WState-MWright-20131119.pdf
>>
>> From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
>> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
>> Mike Rothon
>> Sent: Wednesday, February 26, 2014 9:25 PM
>> To: systemsafety at lists.techfak.uni-bielefeld.de
>> Subject: Re: [SystemSafety] Static Analysis
>>
>>
>>
>> On 25/02/14 20:40, Peter Bernard Ladkin wrote:
>>
>> It's hard to believe. Does stuff like this happen in the safety-critical
>> area to leading companies still?
>>
>> I appreciate that these may not be because of a lack of static analysis, but
>> this caught my eye a little while back:
>>
>> http://www.computerweekly.com/news/2240207488/US-researchers-find-25-security-vulnerabilities-in-SCADA-systems
>>
>> And it was interesting to see this mentioned in the Graham Cluley blog
>> linked from The Guardian article.
>>
>> ReVuln's website declares that it can provide details of undisclosed and
>> unpatched vulnerabilities in SCADA/HMI/ICS systems. These are the types of
>> industrial control systems which are used by critical infrastructure such as
>> water treatment, power stations and gas pipelines.
>>
>> Mike
>>
>> Mike Rothon M::+44 7718 209010 mike.rothon at certisa.com
>> Certisa is ISO 9001:2008 certified for Safety, Testing, Documentation and
>> Certification
>> Contact: T::+44 1932 889 442 F::+44 1932 918 118  www.certisa.com
>> <http://www.certisa.com/>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>>
>

-- 
Derek M. Jones                  tel: +44 (0) 1252 520 667
Knowledge Software Ltd          blog:shape-of-code.coding-guidelines.com
Software analysis               http://www.knosof.co.uk
_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE