软件零缺陷?
本文探讨了软件开发中通过工具快速发现软件缺陷的现状,以及是否有可能最终达到零缺陷的理想状态。
虽然新的分析工具能够更快地发现代码中的问题,但它们并不能创造问题,只是将已存在的问题暴露出来。
尽管修复缺陷可以减少代码中的错误,但新的代码变更和功能添加也可能引入新的缺陷。
作者提出通过监测报告和修复的缺陷的“年龄”来衡量我们是否正在接近零缺陷目标,并分析了curl项目的漏洞数据,指出目前缺陷修复速度并未下降,因此距离零缺陷目标仍有距离。
查看原文开头(英文 · 仅前 3 段)
In this era of powerful tools to find software bugs, we now see tools find a lot of problems at a high speed. This causes problems for developers, as dealing with the growing list of issues is hard. It may take a longer time to address the problems than to find them – not to mention to put them into releases and then it takes yet another extended time until users out in the wild actually get that updated version into their hands.
In order to find many bugs fast, they have to already exist in source code. These new tools don’t add or create the problems. They just find them, filter them out and bring them to the surface for exposure. A better filter in the pool filters out more rubbish.
The more bugs we fix, the fewer bugs remain in the code. Assuming the developers manage to fix problems at a decent enough pace.
※ 出于版权考虑,仅引用前 3 段。完整内容请阅读原文。