Dreaming of the perfect software? It might still be something of a dream but researchers in Colorado State University are on to making models that you could use to predict the number of flaws in an application or operating system. They aim to present the results of their study in a conference on secure computing in September.
In achieving this goal,they are testing their models on the Apache Web server and the Microsoft IIS server. They are hoping that this would be useful in reducing the number of flaws, especially those involving security. So far, the researchers have found out the number of vulnerabilities found in Windows 95, Windows NT and Red Hat 7.1, in the web servers Apache and IIS all fit their model well. They also found out that there is an S-curve relationship for the vulnerabilities.
This research would be helpful in decision-making. This would be a good way of gauging the readiness of the software the developers are about to release. It would be difficult to ship the software without the knowledge of how vulnerable it is. The difficulty in the case of software that are released immediately is that there might be a lot of flaws. Think of the number of times you might have had to download security patches for the software you are using. That is not just a hassle on your end, but think of how much damage your system could have suffered.
Learning from mistakes
There are many causes of flaws and vulnerabilities. Even so, there is an opportunity to improve the quality of the software being developed. There are people who are continuously working on the security issues and these researchers are going to be part of this group. It is not an easy task and having tools like this could create an impact on the software industry.