[SystemSafety] Autonomous Vehicles and "Hacking" Threats

Stefan Winter swi at deeds.informatik.tu-darmstadt.de
Fri Nov 21 17:38:39 CET 2014


On 11/21/2014 05:10 PM, Peter Bernard Ladkin wrote:
>> On 21 Nov 2014, at 13:22, Stefan Winter<swi at deeds.informatik.tu-darmstadt.de>  wrote:
>> >..........
>> >There is a quotation in the article:
>>> >>“Recent reports analysing software show that 98% of applications have serious defects and in many cases there were 10-15 defects per application,” he said.
>> >Does anyone know which "recent reports" Mr. Boyes may be referring to?
> I'll ask him.

Thank you for offering your help! Thanks to Martyn Thomas I already got 
in contact with Mr. Boyes. It turns out that the numbers have been taken 
from the "2014 Trustwave Global Security Report". A PDF copy can be 
easily found online. Unfortunately, the quoted numbers are for web 
applications and not for automotive software.

I had hoped for some better estimate of defect densities for the latter. 
The best approximation I had come up with so far is the product of 
"lines of code in a modern car" (100 million for a premium car in 2009) 
and "defect count per line of code in really critical software" (10^-4). 
I had taken these numbers from an IEEE spectrum publication and a short 
paper from Gerard Holzmann, hoping that critical NASA software contains 
in average less bugs than common automotive code and the calculation, 
hence, gives me a conservative estimate. If anyone has a better idea or 
wants to share more accurate numbers, please let me know. :-)

For those, who consider quoting the numbers from the Guardian in their 
correct context of web applications, it will be difficult to judge their 
reliability, as the security report does not provide any details on how 
these numbers have been obtained.

Cheers,
Stefan


More information about the systemsafety mailing list