Future Watch: Software bugs on the march

Computerworld - The blame for software bugs belongs nearly everywhere. It belongs to vendors that rush products to market without adequately testing them, a sin also shared by corporate in-house development teams. It belongs to a legal system that has given software developers a free pass on bug-related damages. And it belongs to university computer science programs that stress development over testing.
Blame, however, doesn't belong with Sarfraz Khurshid, an MIT researcher who's at the forefront of developing automated testing processes for software. Testing software involves generating "inputs" -- instructions for software to follow. But there are as many ways to test software as there are different snowflake patterns. For every possible way software can break, there must be a test that can detect that.
"There are an infinite number of inputs," says Khurshid, but once you know how to automatically generate them, "which ones do you generate?"
Khurshid has developed algorithms for generating inputs, and he expects the automated testing algorithms to improve over the next few years. But experts say improvements in automated testing technology alone won't necessarily lead to better software quality.
"Most software products have not been designed for quality," says Herb Krasner, who heads the Software Quality Institute at the University of Texas at Austin. "In the commercial world, quality software is not the primary motivation -- the primary motivation is to get to market as fast as possible. It's the race to market that compromises quality in many cases."
Inadequate software testing is blamed for $60 billion in annual costs incurred by users and vendors, according to a study conducted last year by the Commerce Department's National Institute of Standards and Technology in Gaithersburg, Md. Viruses that exploit defects can cause billions of dollars in additional damages.
Standards Push
Today, there are no standards for measuring software quality, broadly defined as functionality, reliability, usability, efficiency, maintainability and portability. But there's a long-term effort under way to develop standards for comparing the quality of products, something that's impossible today.
This effort was prompted, in part, by one of the most famous software bugs of all: The one that caused the 1999 crash of the Mars Polar Lander on Mars. It was a watershed event for NASA and led to a decision by the space agency to expand its work with universities on quality issues. It even signed a lease allowing Carnegie Mellon University to establish a West Coast campus at Moffett Field, Calif.
NASA also helped to spearhead the creation of the Carnegie Mellon-based Sustainable Computing Consortium