[SC-L] "Checklist Manifesto" applicability to software security
Andy Steingruebl
steingra at gmail.com
Thu Jan 7 12:19:14 EST 2010
On Thu, Jan 7, 2010 at 7:11 AM, Jeremy Epstein
<jeremy.j.epstein at gmail.com> wrote:
> Greetings,
>
> So as I was listening, I was thinking that many of the same things
> could be said about software developers and problems with software
> security - every piece of software is unique, any non-trivial piece of
> software is amazingly complex, developers tend to consider themselves
> as artists creating unique works, etc.
>
> Has anyone looked into the parallelisms before? If so, I'd be
> interested in chatting (probably offlist) about your thoughts.
I've had exceptionally good luck/results from checklists during the
development process, though nothing I could scientifically quantify.
That said, I wonder whether any of the academics on the list would be
willing to actually do a study. Do some actual trials on defect rates
in things like student assignments when they have some students go
through a checklist to examine their code, and others not. Might be
interesting to see exactly what types of checklist items really result
in a reduction in bugs...
--
Andy Steingruebl
steingra at gmail.com