[SystemSafety] Autonomous Vehicles and "Hacking" Threats
Stefan Winter
swi at deeds.informatik.tu-darmstadt.de
Fri Nov 21 17:38:39 CET 2014
On 11/21/2014 05:10 PM, Peter Bernard Ladkin wrote:
>> On 21 Nov 2014, at 13:22, Stefan Winter<swi at deeds.informatik.tu-darmstadt.de> wrote:
>> >..........
>> >There is a quotation in the article:
>>> >>“Recent reports analysing software show that 98% of applications have serious defects and in many cases there were 10-15 defects per application,” he said.
>> >Does anyone know which "recent reports" Mr. Boyes may be referring to?
> I'll ask him.
Thank you for offering your help! Thanks to Martyn Thomas I already got
in contact with Mr. Boyes. It turns out that the numbers have been taken
from the "2014 Trustwave Global Security Report". A PDF copy can be
easily found online. Unfortunately, the quoted numbers are for web
applications and not for automotive software.
I had hoped for some better estimate of defect densities for the latter.
The best approximation I had come up with so far is the product of
"lines of code in a modern car" (100 million for a premium car in 2009)
and "defect count per line of code in really critical software" (10^-4).
I had taken these numbers from an IEEE spectrum publication and a short
paper from Gerard Holzmann, hoping that critical NASA software contains
in average less bugs than common automotive code and the calculation,
hence, gives me a conservative estimate. If anyone has a better idea or
wants to share more accurate numbers, please let me know. :-)
For those, who consider quoting the numbers from the Guardian in their
correct context of web applications, it will be difficult to judge their
reliability, as the security report does not provide any details on how
these numbers have been obtained.
Cheers,
Stefan
More information about the systemsafety
mailing list