<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:inherit;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1613046864;
mso-list-template-ids:-2016667200;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="FR" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Hello,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">[…]<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">>> as vulnerabilities are discovered, shared and exploited, failure rates increase<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">When the software is attacked by a hacker on a known weakness, there is a 100% chance of being hacked. Thus, the software behavior aka reliability is deterministic. Good luck in building
a probabilistic theory for the attackers </span><span lang="EN-US" style="font-family:Wingdings;mso-fareast-language:EN-US">J</span><span lang="EN-US" style="mso-fareast-language:EN-US">.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US" style="mso-fareast-language:EN-US">>>
</span><span lang="EN-US">as software is maintained to fix known errors, the fault density may steadily increase because the maintenance degrades the artchitecture and more defects are introduced. (I have seen this happen gradually to major software systems
in my career).<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Is there any scientific paper linking defect density to frequency of failure? In fact, Ariane A501 disproves the theory, since there is NO increase of defect
density in that particular instance, but there is a change from 0% to 100% failure rate, which is characteristic of a deterministic behavior.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">In fact, in addition to A301, there are many known examples of the opposite, for example the well-known American Operating System: M…t, which has a huge defect
density, but used daily by millions of users, including us. And strangely, for many hard real-time scenarios ????<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">More generally, all probabilistic theories of software reliability require something unprovable: how does one prove the “environment” from one test to another
has not changed “significantly”? (keep in mind the A501 test case). In practice, they all measure the randomness of the environment, and not any randomness of a deterministic process (aka the software) of which there is none. If we are trying to build a reliability
theory of the environment of software, then it is a different matter. <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-US">Best regards,<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span lang="EN-US" style="font-size:9.0pt;font-family:inherit;color:#003591;border:none windowtext 1.0pt;padding:0cm">Thierry Coq</span></b><span lang="EN-US" style="font-size:9.0pt;font-family:"Verdana",sans-serif;color:black"><br>
</span><span lang="EN-US">The opinions expressed here are my own.<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> systemsafety <systemsafety-bounces@lists.techfak.uni-bielefeld.de>
<b>On Behalf Of </b>Martyn Thomas<br>
<b>Sent:</b> mardi 15 septembre 2020 16:07<br>
<b>To:</b> systemsafety@lists.techfak.uni-bielefeld.de<br>
<b>Subject:</b> Re: [SystemSafety] What do we know about software reliability?<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p>Software in its operating environment does degrade over time. <o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
What was fit for purpose one year no longer is the year following.<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
<span lang="EN-US">as software is maintained to fix known errors, the fault density may steadily increase because the maintenance degrades the artchitecture and more defects are introduced.
</span>(I have seen this happen gradually to major software systems in my career).<o:p></o:p></li></ul>
<p>The failure rates can be determined statistically within scientifically sound confidence levels. To me, "reliability" carries the right message. It may be an imperfect analogy but many words are.
<o:p></o:p></p>
<p>Martyn<o:p></o:p></p>
<div>
<p class="MsoNormal">On 15/09/2020 14:30, Michael Holloway wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Georgia",serif">o far too many people (myself included) "reliability" necessarily includes notions of either randomness (for example, given an identical environment, history, design, and manufacturer,
component A fails but B does not) or degradation over time. Because neither notion applies to conventional software, the phrase "software reliability" is (and always will be) to me at best meaningless and at worst misleading.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Georgia",serif"><o:p> </o:p></span></p>
</div>
</blockquote>
</div>
<div style="font-size:7pt; color:rgb(102,102,102); font-family: 'Verdana',sans-serif;">
<br>
**************************************************************************************<br>
This e-mail and any attachments thereto may contain confidential information and/or information protected by intellectual property rights for the exclusive attention of the intended addressees named above. If you have received this transmission in error, please
immediately notify the sender by return e-mail and delete this message and its attachments. Unauthorized use, copying or further full or partial distribution of this e-mail or its contents is prohibited.<br>
**************************************************************************************<br>
</div>
</body>
</html>