[SystemSafety] What do we know about software reliability?

Coq, Thierry Thierry.Coq at dnvgl.com
Tue Sep 15 18:31:04 CEST 2020


Hello,
[…]
>> as vulnerabilities are discovered, shared and exploited, failure rates increase
When the software is attacked by a hacker on a known weakness, there is a 100% chance of being hacked. Thus, the software behavior aka reliability is deterministic. Good luck in building a probabilistic theory for the attackers ☺.

>> as software is maintained to fix known errors, the fault density may steadily increase because the maintenance degrades the architecture and more defects are introduced. (I have seen this happen gradually to major software systems in my career).
Is there any scientific paper linking defect density to frequency of failure? In fact, Ariane A501 disproves the theory, since there is NO increase of defect density in that particular instance, but there is a change from 0% to 100% failure rate, which is characteristic of a deterministic behavior.
In fact, in addition to A301, there are many known examples of the opposite, for example the well-known American Operating System: M…t, which has a huge defect density, but is used daily by millions of users, including us. And strangely, for many hard real-time scenarios ????
More generally, all probabilistic theories of software reliability require something unprovable: how does one prove the “environment” from one test to another has not changed “significantly”? (keep in mind the A501 test case). In practice, they all measure the randomness of the environment, and not any randomness of a deterministic process (aka the software) of which there is none. If we are trying to build a reliability theory of the environment of software, then it is a different matter.
Best regards,
Thierry Coq
The opinions expressed here are my own.

From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> On Behalf Of Martyn Thomas
Sent: Tuesday 15 September 2020 16:07
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] What do we know about software reliability?


Software in its operating environment does degrade over time.

  *   What was fit for purpose one year no longer is the year following.
  *   as software is maintained to fix known errors, the fault density may steadily increase because the maintenance degrades the architecture and more defects are introduced. (I have seen this happen gradually to major software systems in my career).

The failure rates can be determined statistically within scientifically sound confidence levels. To me, "reliability" carries the right message. It may be an imperfect analogy but many words are.

Martyn
On 15/09/2020 14:30, Michael Holloway wrote:
To far too many people (myself included) "reliability" necessarily includes notions of either randomness (for example, given an identical environment, history, design, and manufacturer, component A fails but B does not) or degradation over time.  Because neither notion applies to conventional software, the phrase "software reliability" is (and always will be) to me at best meaningless and at worst misleading.

