Secure Coding mailing list archives
Interesting article ZDNet re informal software development quality
From: "Kenneth R. van Wyk" <Ken () KRvW com>
Date: Mon, 05 Jan 2004 23:29:33 +0000
Greetings SC-L:

I saw an interesting interview on ZDNet today about Walt Scacchi's work at UC Irvine. In his work, Dr. Scacchi assesses open source software development methodologies for quality. (See the full article/interview at http://zdnet.com.com/2100-1104_2-5135027.html?tag=zdfd.newsfeed) Although the interview doesn't address security issues per se, there was an interesting Q/A in which Dr. Scacchi describes how so many open source projects don't go through a formal specification or design phase (see excerpt below); instead, they generally accomplish these steps more informally.

Is anyone here familiar with this research? If so, do you know if he's addressing software security at all? To what extent?

Lastly, I should point out that I'm NOT trying to start another debate on open vs. closed source. I'm more curious about how the informal requirements/specifications/design process might impact the quality/security of the final products. Whether this is done in open or closed source is, IMHO, moot.

Cheers,

Ken van Wyk

Excerpt of interview with Dr. Scacchi from the above URL on ZDNET:

Q: What do you mean by "informalism"?

A: That word is chosen to help compare to the practice advocated in software engineering, in which one creates a formal systems specification or design that might be delivered to the customer. Informalisms are such things as information posted on a Web page, a threaded e-mail discussion or a set of comments in source code in a project repository. It may be a set of how-tos or FAQs on how to get things accomplished. Each is a carrier of fragments of what the requirements for the system are going to be.

Q: If they're put together in such a haphazard way, can they really be considered requirements?

A: Yes and no. Clearly, they're distributed, but in order for people to contribute to the project, those people need to understand where those requirements are and how they relate to each other and how to pull them together. Part of how the community works is that each of the participants discusses what the system should do in whatever informalism they feel is the most appropriate to them.