Firewall Wizards mailing list archives
Re: Re: Firewalls breaking stuff: [Was re: fwtk]
From: Dana Nowell <DanaNowell () cornerstonesoftware com>
Date: Tue, 23 Jul 2002 17:29:36 -0400
At 04:14 PM 7/23/2002 -0400, Paul Robertson wrote:
> On Tue, 23 Jul 2002, Dana Nowell wrote:
>
>> In my experience, it depends :-). In general if the code removed was all the simple boilerplate stuff and the code remaining was all the nasty complex stuff, the absolute number of bugs remains roughly constant and the number/kloc increases. It's the age old issue, bugs/kloc implies that all
>
> Right, there's a complexity modifier, however it averages out if the project is large enough (think of it as bug cost averaging.) However, on suitably large projects, there's a somewhat offsetting "boredom" related thing- and with some development teams, the emphasis gets put on debugging and verifying the "hard parts" rather than all of the code.
My bad, the example sucked, try changing:

"Take a good programmer, have ... even heard of before, wanna bet the bugs/kloc are the same?"

to

"Take a good programmer, have him/her write APPLICATION code they are used to writing, take same programmer have them write nasty low level SECURITY ORIENTED protocol crap they have never even heard of before, wanna bet the bugs/kloc are the same?"

My complaint with kloc number usage is the frequent misuse of "all things are created equal" logic. Programmers aren't equal and tasks aren't equally suited to all programmers. In general, application UI programmers do not make good security coders and security guys sometimes have trouble spelling UI (that's COMMANDLINE right?).

The point I was trying to make was: if the code you remove from the project is coding that the developer on the project is good at and the code you leave in is the coding they suck at, the bugs/kloc is what changes, not the number of bugs in the application.

In today's world where Joe Average Application Coder is hanging stuff off the Internet, sucking down just any old packet that happens along, I get scared. Telling me that you are going to have him slash half the application features/code and STILL hang it off the 'net, doesn't make me half as scared. But hey, if it's half the code it's half the kloc so it's half the bugs, right? Of course, it's probably half that I don't really care about as they aren't security related. But damn, we nailed that typo in the screen label by removing the screen from the functionality, one down.

Dana Nowell
Cornerstone Software Inc.
Voice: (603) 595-7480
Fax: (603) 882-7313
mailto:DanaNowell () CornerstoneSoftware com