| So how many bugs remain? Mostly rhetorical question, but can any extrapolation be done? If you
go back five years, can any of those numbers correlate to the findings
since? Do any metrics such as cyclomatic complexity, #defects/kLoC[1][2],
unit tests or code coverage help?

In most cases the definition of "defect" is not well-defined, nor in
many cases easily comparable (e.g., a typo in a debug message compared
to handling SSL flags wrong). Is it a requirements or documentation
bug: the specification to the implementer was not sufficiently
clear or was ambiguous? Also, when do we start counting
defects? If I misspelled a keyword and the compiler flagged it, does
that count? Only after the code is committed? Caught by QA? Or after
it is deployed or released in a product?

Is it related to the programming language? Programmer skill level and
fluency with language/libraries/tools? Did they not get enough sleep the night
before when they coded that section? Or were they deep in thought
thinking about 4 edge cases for this method when someone popped their
head in to ask about lunch plans and knocked one of them out?
Does faster coding == more "productive" programmer == more defects long term?

I'm not sure if we're still programming cavemen or have created
paleolithic programming tools yet[3][4].

p.s.: satisfied user of cURL since at least 1998!

[1] http://www.infoq.com/news/2012/03/Defects-Open-Source-Commercial
[2] http://programmers.stackexchange.com/questions/185660/is-the-average-number-of-bugs-per-loc-the-same-for-different-programming-languag
[3] https://vimeo.com/9270320 - Greg Wilson - What We Actually Know About Software Development, and Why We Believe It's True
(probably shorter, more recent talks exist (links appreciated))
[4] https://www.youtube.com/watch?v=ubaX1Smg6pY - Alan Kay - Is it really "Complex"? Or did we just make it "Complicated"?
(tangentially about software engineering, but eye-opening for how much more they were doing, and with fewer lines of code) (also, any of his talks)
|