Friday, August 12, 2005 4:02 PM
Want to read nonsense? "The Committee to Fight Microsoft ... " - Just a little reaction
Take a look at this. In my very opinion, this Andy Martin guy hasn't ever written a piece of code nor dos he know about complexity of software nowadays. In fact, I want to quote the book "Exploiting software" by Hoglund and McGraw, Addison Wesley, 2004 on page 14 about "The Trinity of Trouble":
The number of bugs per thousand lines of code (KLOC) varies from system to system. Estimates are anywhere between 5 to 50 bugs per KLOC. Even a system that has undergone rigorous quality assurance (QA) testing will still contain bugs - around five bugs per KLOC. A software system that is only feature tested, like most commercial software, will have many more bugs - around 50 per KLOC [Voas and McGraw, 1999]. Most software products fall into the latter category.
Actually, I want to stress the fact that the latter sentence is based on research from 1999 and I do strongly believe that thanks to the "Trustworthy Computing Statement" by Microsoft and the various security pushes, things are becoming better. But let's continue.
To give you an idea of how much software lives within complex machinery, consider the following:
Lines of Code System
400,000 Solaris 7
17 million Netscape
40 million Space Station
10 million Space Shuttle
7 million Boeing 777
35 million NT5
1.5 million Linux
3 million Windows 3.1
<5 million Windows 95
40 million Windows XP
(...) One simple but unfortunate fact holds true for software: more lines, more bugs.
Now allow me to give you some up-to-date information about some products (source Secunia):
These are just some figures, live from Secunia but it gives some relevant information in my opinion. I know figures are risky things, so I do expect to get a lot of feedback :-). Also check out Steve Riley's Secunia dashboard on http://www.steveriley.ms/sbr/default.aspx.Del.icio.us
| Digg It
Filed under: Microsoft, Security