<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 08/06/2021 22:14, Derek M Jones
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:52525952-63d7-4451-8ce4-4b9039ce41b3@knosof.co.uk">Martyn,
<br>
<br>
<blockquote type="cite">I'd be interested in data on the defects
injected and fixed. How many per KLOC, how variable between
individuals, what
<br>
</blockquote>
<br>
Defect per KLOC is meaningless unless it is connected with usage
<br>
data, e.g., there can be zero defects per KLOC (because the
software
<br>
has no users), or lots per KLOC because it has millions of users.
<br>
</blockquote>
<p><br>
</p>
<p>The datasets from <a class="moz-txt-link-freetext" href="http://arxiv.org/abs/2106.03679">http://arxiv.org/abs/2106.03679</a> that you
analysed contain defects injected and defects found later in
development and repaired. have you analysed those?</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:52525952-63d7-4451-8ce4-4b9039ce41b3@knosof.co.uk">
<br>
<br>
<br>
I've never seen a breakdown by individual. It's possible to do,
when
<br>
mining github (actually this is by user id, and there are cases of
<br>
the same person having multiple ids), but again usage needs to be
<br>
taken into account.
<br>
</blockquote>
<p><br>
</p>
<p>Again, the <a class="moz-txt-link-freetext" href="http://arxiv.org/abs/2106.03679">http://arxiv.org/abs/2106.03679</a> data seems to show
individuals. The Watts Humphrey study below does that too.<br>
</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:52525952-63d7-4451-8ce4-4b9039ce41b3@knosof.co.uk">
<blockquote type="cite">There was data of this sort from the SEI
30 years ago and some from UK MoD, and some reports by the CHAOS
group twenty years ago but nothing I know of recently.
<br>
</blockquote>
<br>
<br>
</blockquote>
<p><br>
</p>
<p>The SEI data I referred to was from a study carried out by Watts
Humphrey, of the Software Engineering Institute at Carnegie-Mellon
University, analysed the fault density of more than 8000 programs
written by 810 industrial software developers.
resources.sei.cmu.edu/asset_files/SpecialReport/2009_003_001_15035.pdf
p132<br>
<br>
</p>
<blockquote type="cite"
cite="mid:52525952-63d7-4451-8ce4-4b9039ce41b3@knosof.co.uk">
<br>
UK MoD? This does not ring any bells for me. Do you have a
reference,
<br>
<br>
</blockquote>
My reference was to the analysis of Boeing flight control software
published in Crosstalk
<div class="page" title="Page 10">
<div class="layoutArea">
<div class="column">
<ol style="list-style-type: decimal" start="5">
<li style="font-size: 9.000000pt; font-family: 'CMR9'">
<p><span style="font-size: 9.000000pt; font-family:
'CMR9'">German, A.: Software static code analysis
lessons learned. Crosstalk 16(11) (2003)
</span></p>
</li>
</ol>
</div>
</div>
</div>
<br>
and to the review of the Full Authority Digital Engine Controller
that was installed in Chinook helicopters; which is described in a
House of Commons report into the Mull of Kintyre Chinook accident on
2 June 1994 . This said:<i> In the summer of 1993 an independent
defence IT contractor, EDS-SCICON, was instructed to review the
FADEC software; after examining only 18 per cent of the code they
found 486 anomalies and stopped the review</i>.
<p>Martyn<br>
</p>
<br>
<br>
</body>
</html>