Re: [SystemSafety] Autonomous Vehicles and "Hacking" Threats

From: Stefan Winter < >
Date: Fri, 21 Nov 2014 17:38:39 +0100


On 11/21/2014 05:10 PM, Peter Bernard Ladkin wrote:
>> >..........
>> >There is a quotation in the article:
>>> >>“Recent reports analysing software show that 98% of applications have serious defects and in many cases there were 10-15 defects per application,” he said.

>> >Does anyone know which "recent reports" Mr. Boyes may be referring to?
> I'll ask him.

Thank you for offering your help! Thanks to Martyn Thomas I already got in contact with Mr. Boyes. It turns out that the numbers have been taken from the "2014 Trustwave Global Security Report". A PDF copy can be easily found online. Unfortunately, the quoted numbers are for web applications and not for automotive software.

I had hoped for some better estimate of defect densities for the latter. The best approximation I had come up with so far is the product of "lines of code in a modern car" (100 million for a premium car in 2009) and "defect count per line of code in really critical software" (10^-4). I had taken these numbers from an IEEE spectrum publication and a short paper from Gerard Holzmann, hoping that critical NASA software contains in average less bugs than common automotive code and the calculation, hence, gives me a conservative estimate. If anyone has a better idea or wants to share more accurate numbers, please let me know. :-)

For those, who consider quoting the numbers from the Guardian in their correct context of web applications, it will be difficult to judge their reliability, as the security report does not provide any details on how these numbers have been obtained.

Cheers,
Stefan



The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Nov 21 2014 - 17:42:35 CET

This archive was generated by hypermail 2.3.0 : Tue Apr 23 2019 - 06:17:07 CEST