Software Reliability and Security

Software problems are the main causes of system failures today. There are many well-known cases of the tragic consequences of software failures. In critical systems, very high reliability is naturally expected. Software packages used everyday also need to be highly reliable, because the enormous investment of the software developer is at stake. Studies have shown that reliability is regarded as the most important attribute by potential customers. All software developed will have a significant number of defects. All programs must be tested and debugged, until sufficiently high reliability is achieved. It is not possible to ensure that all the defects in a software system have been found and removed; however, the number of remaining bugs must be very small. As software must be released within a reasonable time, to avoid loss of revenue and market share, the developer must take a calculated risk and must have a strategy for achieving the required reliability by the target release date. For software systems, quantitative methods for achieving and measuring reliability are coming in use because of the emergence of well-understood and validated approaches. Enough industrial and experimental data are available to develop and validate methods for achieving high reliability. The minimum acceptable standards for software reliability have gradually risen in recent years. This entry presents an overview of the essential concepts and techniques in the software reliability field. We examine factors that impact reliability during development as well as during testing. First, we discuss the reliability approaches taken during different phases of software development. Integration and interoperability testing are examined. Commonly used software reliability measures are defined next. We discuss what factors control software defect density. Key ideas in test methodologies are presented. Use of a software reliability growth model is discussed and illustrated using industrial data. Use of such models allows one to estimate the testing effort needed to reach a reliability goal. We also discuss a similar model for security vulnerabilities in internet-related software. We also see how reliability of a system can be evaluated if we know the failure rates of the components. Finally, the article presents the type of tools that are available to assist in achieving and evaluating reliability. Here, we will use the terms ‘‘failure’’ and ‘‘defect’’ as defined below. Failure: A departure of the system behavior from user requirements during execution. Defect (fault or bug): An error in system implementation that can cause a failure during execution. A defect will cause a failure only when the erroneous code is executed, and the effect is propagated to the output. The testability of a defect is defined as the probability of detecting it with a randomly chosen input. Defects with very low testability can be very difficult to detect. The software reliability improves during testing, as bugs are found and removed. Once the software is released, its reliability is fixed as long as the operating environment remains the same. The software will fail time to time during operational use when it cannot respond correctly to an input. During operational use, bug fixes that update the software are often released. For a software system, its own past behavior is often a good indicator of its reliability, even though data from other similar software systems can be used for making projections.