[SystemSafety] "Ripple20 vulnerabilities will haunt the IoT landscape for years to come"

Olwen Morgan olwen at phaedsys.com
Wed Jul 1 16:17:37 CEST 2020


Good question.

As far as I can see, all I can possibly know is that a (hopefully 
well-designed) set of tests has failed to falsify the assertion that the 
software meets its specification.

What else could one claim of any experiment?

Olwen


On 26/06/2020 21:46, Martyn Thomas wrote:
> I like to ask “what do you know after your software has passed your tests that you didn’t know before - other than that it passes these specific tests run in this specific order today? And if there is anything, how do you know that?”
>
> I have never received an answer that addresses the question..
>
> Regards
>
> Martyn
>
>> On 26 Jun 2020, at 20:35, Olwen Morgan <olwen at phaedsys.com> wrote:
>>
>>
>> On 26/06/2020 19:36, paul_e.bennett at topmail.co.uk wrote:
>>>> A lot of software source code I have seen from others would immediately fall
>>>> into the rejected category. Mainly through lack of included documentation,
>>>> very high MCC scores and lack of a clear enough interface.
>> Arghhh ... another perennial hobby-horse of mine!
>>
>> Why do so few software engineers never even think of using test metrics to help them *minimise* the number of test cases they require?
>>
>> I usually try to design my own code so that every set of test cases that attains 100% boundary value coverage also attains 100% simple path coverage. It means that you have only the number of simple paths you need to make the relevant logical distinctions among the input conditions (easy to achieve in functional languages and, alas, easier still to fail to achieve in imperative languages).
>>
>> But when I suggest this to other software "engineers", they usually ask me what "boundary value coverage" and "simple path" mean. ...
>>
>>
>> ... and they wonder why I fantasise about their suffering long and excruciating deaths ... ?
>>
>>
>> Brooding in dark, technostalinist hyperbole,
>>
>> Olwen
>>
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> The System Safety Mailing List
>> systemsafety at TechFak.Uni-Bielefeld.DE
>> Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety


More information about the systemsafety mailing list