From owner-freebsd-security Fri Jul 24 02:10:09 1998
Return-Path: 
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA25030 for freebsd-security-outgoing; Fri, 24 Jul 1998 02:10:09 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.119.24.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA24966 for ; Fri, 24 Jul 1998 02:09:33 -0700 (PDT) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.8.7/8.8.7) with ESMTP id JAA08973; Fri, 24 Jul 1998 09:08:54 GMT
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id LAA11204; Fri, 24 Jul 1998 11:08:53 +0200 (MET DST)
Message-ID: <19980724110852.62387@follo.net>
Date: Fri, 24 Jul 1998 11:08:52 +0200
From: Eivind Eklund 
To: "Lee Crites (ASC)" , Brett Glass 
Cc: Andrew Kenneth Milton , security@FreeBSD.ORG
Subject: Re: Translation to a safer language (Was: Projects to improve security)
References: <199807221459.IAA04129@lariat.lariat.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: ; from Lee Crites (ASC) on Thu, Jul 23, 1998 at 11:36:47PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Jul 23, 1998 at 11:36:47PM -0500, Lee Crites (ASC) wrote:
> On Wed, 22 Jul 1998, Brett Glass wrote:
>
> =>>The only way to prevent bad code is to audit and test.
> =>
> =>It'd be nice if even *that* worked. I've developed a renewed interest
> =>in mechanical verification.
>
> There is this guy named Michael Fagan who is going about teaching
> what he calls Fagan Inspections. It sounds okay on the surface,
> but there is nothing magical about it. Faganized code *should*
> have fewer defects in it -- any code you and three friends spend
> 40% of your time inspecting had darn well better have fewer
> defects! Actually, I said that backwards -- 40% of your coding
> man hours will be in inspections. If you had a 60 man hour
> project, then it would be 100 man hours including the
> inspections.
>
> There are a lot of stats showing a real defect reduction by
> Faganizing your code (and documents -- they both work).
> Motorola, for instance, swears by them. (...we are still at the
> stage of swearing *at* them...)

Inspections (or "Fagan inspections" if you want) work. They're
difficult to introduce and require physical presence, but when you get
them working they both synchronize how people work, thus making it
easier to share code, and make a really significant dent in the number
of defects.

From a personal viewpoint (I didn't measure this), they seemed much
more effective than just doing reviews.

Eivind.