Secure Coding mailing list archives

Interesting article ZDNet re informal software development quality


From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Mon, 05 Jan 2004 23:29:33 +0000

Greetings SC-L:

I saw an interesting interview on ZDNet today about Walt Scacchi's work at UC 
Irvine.  In his work, Dr. Scacchi assesses open source software development 
methodologies for quality.  (See the full article/interview at 
http://zdnet.com.com/2100-1104_2-5135027.html?tag=zdfd.newsfeed)  Although the 
interview doesn't address security issues per se, there was an interesting Q/A 
in which Dr. Scacchi describes how so many open source projects don't go 
through a formal specification or design phase (see excerpt below); instead, 
they generally accomplish these steps more informally.

Is anyone here familiar with this research?  If so, do you know if he's 
addressing software security at all?  To what extent?

Lastly, I should point out that I'm NOT trying to start another debate on open 
vs. closed source.  I'm more curious about how the informal 
requirements/specifications/design process might impact the quality/security 
of the final products.  Whether this is done in open or closed source is, 
IMHO, moot.

Cheers,

Ken van Wyk

Excerpt of interview with Dr. Scacchi from the above URL on ZDNET:

Q:  What do you mean by "informalism"?
A: That word is chosen to help compare to the practice advocated in software 
engineering, in which one creates a formal systems specification or design 
that might be delivered to the customer. Informalisms are such things as 
information posted on a Web page, a threaded e-mail discussion or a set of 
comments in source code in a project repository. It may be a set of how-tos 
or FAQs on how to get things accomplished. Each is a carrier of fragments of 
what the requirements for the system are going to be.

Q: If they're put together in such a haphazard way, can they really be 
considered requirements?
A: Yes and no. Clearly, they're distributed, but in order for people to 
contribute to the project, those people need to understand where those 
requirements are and how they relate to each other and how to pull them 
together. Part of how the community works is that each of the participants 
discusses what the system should do in whatever informalism they feel is the 
most appropriate to them.