Researchers Add Software Bugs To Reduce the Number of Software Bugs (networkworld.com) 73
Reader alphadogg writes: Researchers are adding bugs to experimental software code in order to ultimately wind up with programs that have fewer vulnerabilities. The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools. By analyzing the reasons bugs escape detection, developers can create more effective bug-finders, according to researchers at New York University in collaboration with others from MIT's Lincoln Laboratory and Northeastern University. They created large-scale automated vulnerability addition (LAVA), which is a low-cost technique that adds the vulnerabilities."The only way to evaluate a bug finder is to control the number of bugs in a program, which is exactly what we do with LAVA," says Brendan Dolan-Gavitt, a computer science and engineering professor at NYU's Tandon School of Engineering.
This is NOT a new thing. (Score:5, Interesting)
The practice is known as "bug farming", and has been around since at least the mid-80s.
I learned it when I was in college in '84.
Re: (Score:2, Redundant)
Actually, is there anything that can be considered "new"?
Everything is just a rehash of stuff we have done before.
You might say that technology is new... but is it really? Technology is just a different way of doing the same old things like communicating with each other and building communities.
All "new" ideas are really just reboots of old ideas.
Re: (Score:2)
You might say that technology is new... but is it really? Technology is just a different way of doing the same old things like communicating with each other and building communities.
If you're going to get ridiculously reductive, then nothing new has shown up since the time very shortly after the big bang when the different forces separated and the laws of physics as we know them took hold (assuming those theories are even close to correct). Everything since then has just been different ways of combining the same old subatomic particles.
Re: (Score:2)
Time is an illusion. Lunchtime doubly so.
Re: (Score:2)
All "new" ideas are really just reboots of old ideas.
You are just repeating one of Herodotus' tweets.
Re: (Score:2)
Apparently that was the name our quality metrics guys used.
Look for "Defect Injection" instead.
Re: (Score:2)
I learned as "bug seeding", but yes, and I'm of about the same vintage as you.
Re: (Score:1)
> The idea is to insert a known quantity of vulnerabilities into code, then see how many of them are discovered by bug-finding tools.
I heard that called "bebugging" in the 70s. Still seems like a good idea.
Won't Help Much (Score:2)
Knowns
Known Unknowns
Unknown Unknowns
You can't train your test for Unknown Unknowns. At best you can heuristically catch Known Unknowns. And Knowns are already Known, you just need to make sure your tools catch them.
Re: (Score:3)
I always hated that that quote ignores the unknown knowns. (Things we know, but don't know we know) They are often the most important things - and things we don't write down until after someone asks us "how did you do that?"
Re: (Score:2)
I always hated that that quote ignores the unknown knowns. (Things we know, but don't know we know)
It also ignores the known unknowns (Things we think we know, but actually don't). Don Rumsfeld famously used this quote, and he "knew" that Iraq had WMDs. He also "knew" that Iraqis would greet us as liberators, throw flowers at our feet, and would be grateful as we spread peace and prosperity across their land. Those things were not in doubt.
Re: (Score:2)
Dick Cheney taught us all about the unknown unknowns [youtube.com].
Re: (Score:2)
*Donald Rumsfeld :-|
Re: (Score:2)
Well what constitutes a bug?
I am guessing this catches those compile errors or buffer overflow issues. However the most bugs I experience is due to miscommunication of the requirement.
Re: (Score:2)
My view of bugs are that the requirements are known, but are changed along the way, so how you deal with the original requirement isn't necessarily how you deal with the new, improved requirement, and trying to not have to rewrite the entire codebase simply to adjust for the whims of a project manager. It is this "miscommunication" that causes the greatest bugs in my experience.
A radio button is not a check box. Designing for one, and having to switch to another, without having to rewrite the surrounding co
Re: (Score:2)
It's not a lame example, It's a perfect example.
Using a radio button means you want a max of 1 choice, yet 3 months down the line they'll change their mind and say they want to allow for multiple choices. You then have to decide on the default state for each checkbox like you decided on what the default radio button was. Then you have to change your database to store a flag for each checkbox instead of a value that has a relationship to a primary key table. And you have to decide on whether or not NULL i
Re: (Score:3)
You're looking for this picture ... "Ignorance Map"
https://lh3.googleusercontent.... [googleusercontent.com]
* Known Unknowns -- All the things you you know you don't know
* Unknown Unknowns -- All the things you don't know you don't know
* Errors -- All the things you think you know but don't
* Unknown Knowns -- All the things you don't know you know
* Taboos -- Dangerous, polluting or forbidden knowledge
* Denials -- All the things too painful to know, so you don't
Ironically, it is missing the most important part:
* Known Knowns -- Eve
Re: (Score:2)
Roman army has been doing this since 450 B.C.
Unit Testing (Score:5, Insightful)
So wait, what you're telling me is that someone just finally discovered that it is a good idea to unit test the unit testing tools!?
Re: (Score:2)
Was going to say the same about Firefox (Score:2)
CS Reseach (Score:2)
Re: (Score:3)
Please do not judge CS researcher by a single paper. BTW, this paper was not even the best paper at IEEE SP. (complete list with best papers at [1].)
From a quick read of the lava paper. It seems that the novelty aspect of LAVA is that the software can inject bugs automatically in complex codebase. So you no longer have a grad student writing obviously faulty code on a toy program or inserting a few bugs manually to test one or two software. LAVA allows you to insert a myriad of bug in a myriad of software t
Researchers invent novel new form of research... (Score:2)
...that leverages the actual practice of research. Read all about it.
Only useful if real-world bugs are included (Score:2)
Artificially introduced bugs are too predictable and contrived. "I'll introduce a buffer overrun error here." Fine. But unless the algorithm can also find real-world buffer overruns, it's not worth much. In real world bugs, the bug is often not obvious to a casual observer, as it would be with an artificially introduced bug.
Re: (Score:2)
You need a parallel experiment, where you have a team of HUMANS who are given the task to introduce sneaky security bugs into the software that allow arbitrary code execution, encryption key exposure, Or accidentally leak other data over the network but are hard to detect and won't show up in unit tests.
You announce that there will be monetary compensation for the authors of the 10 bugs in each category that survive the largest number of code reviews.
Re: (Score:1)
You announce that there will be monetary compensation for the authors of the 10 bugs in each category that survive the largest number of code reviews.
So you have categorized bugs already, well done! That way you can prevent claims based on submissions that you don't consider bugs.
—
Of course it's a bug, otherwise it would have been documented!
Re: (Score:2)
Actually, it is the predictable and contrived nature that makes them useful. How else do you propose to prove that a tool can catch a bug of a particular type than actually designing such a bug of said type? You seem to think they are saying: "Hey, once we've done this, that's everything! Our unit tests cover every possible scenario!" You are like they guy who argues: "Testing is useless because it won't catch every possible problem, so wh
Re: (Score:2)
How else do you propose to prove that a tool can catch a bug of a particular type
I'd analyze commits to actual living systems, looking for fixes made to correct bugs that were found "in the wild." I'd then test the system against the previous version of the code in which the bugs weren't yet fixed, and see if the system could catch them.
By "casual observer," I was assuming that the observer would be proficient in programming.
what about having real qa & not endusers / cod (Score:2)
what about having real qa & not end users and your own coders be the testes?
And the QA needs to have the rights / means to change settings and set up the environment in different ways to test out different things. Helps to have people with a QA / testing mind set there.
For some things changes how things work from an standard / the way it has been for a long time to a new default can seem like an bug / lead to bad stuff happening. Like the Gear shift confusion issue that can kill people where was QA on
Re: (Score:2)
Say what? (Score:1)
Been there, done that... (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I would overrule you too.
A fellow lead tester got overruled on a last minute crash bug for code release. Developers were unable to reproduce the crash, and, since their bonus was on the line, got management to approve for release. Turned out that the executable file got infected with a virus when the developer zipped up the files for the ftp server, which caused the video game to crash after being burned to a CD. A quarter-million CDs got trashed when management learned that the CD master still had the virus. Not something you want
Re: (Score:2)
I wouldnt hire you to be anywhere near a computer
I'm currently a system admin with responsibility for 80,000 workstations in government IT. Rest assured. As a public servant, I'm here to help you.
Re: (Score:2)
No you didn't. The fact that you think you did is frigging hilarious!
Re: (Score:2)
No you didn't. The fact that you think you did is frigging hilarious!
My boss was the lead tester for that video game. He confirmed that I found every open bug that the video game shipped with. He was very impressed that I found them all.
Re: (Score:2)
Show me the word open in your original statement.
Re: (Score:2)
Show me the word open in your original statement.
Why should I entertain your nitpicking? You obviously don't believe what I wrote. Not the first time, not the second time, and probably not the third time.
Re: (Score:2)
That is rich. A supposed highly qualified software tester who thinks that identification of the omission of an element that completely changes the meaning and context is "nitpicking". Yeah. You're great at your job buddy. Off you go now ...
Re: (Score:2)
A supposed highly qualified software tester who thinks that identification of the omission of an element that completely changes the meaning and context is "nitpicking".
If you think that being a video game tester is equivalent to being a "highly qualified software tester," you don't know shit about software testing.
You're great at your job buddy.
I was a video game tester for six years. I spent the last 14+ years in IT support.
Re: (Score:1)
Wow. You really are a complete fucking idiot :-)
Never mind. That is so much better. Details are certainly not important in IT support! ROTFLMAO
Re: (Score:2)
Details are certainly not important in IT support!
Details, no. Problem solving, yes.
Isn't this mutation testing? (Score:1)
I thought this was already called mutation testing [wikipedia.org] in Computer Science. At least in that you create variants of the original program with subtle changes so you can see which mutants are "killed" (aka detected) by your test cases. The more mutants you kill the better the test suite. It seems strange the paper doesn't reference that research at all...
They're not bugs. (Score:2)
And by adding more features, we're getting less - if it's Microsoft.
Article summary sucks (Score:3)