If my google search takes too long or if my facebook account is non functional every now and then, I don’t mind. I just see it as an opportunity to get up and be social in real life. The software teams at those organizations are real bright – I’ve met a lot of those folks and so I’m not here to discount their line of work. You should definitely check out the GTAC (google test automation conference) presentations online for some real good stuff.
I want to talk about critical software! LED signaling systems for railways, NASA space systems, medical devices with embedded apps, braking systems for automobiles, and monitoring tools at water treatment plants. A nullPointerException or segmentation error here directly translates to livelihood.
The test teams for these critical apps must adhere to the highest level of assurance. Certain criteria and checkpoints must be signed off on prior to passing the software along to various customers (product management, fvt, system testing, end user).
There will be a post highlighting the various strategies that folks use to verify critical software. I’m talking low level verification here. Verifying and validating every system component from the kernel versions / updates and library versions / updates to finally making its way to the actual code itself.
Let’s talk about some theory and give your input…
+ Formal Methods
+ Cyclomatic Complexity
+ Equivalence Classes
+ Formal Design Validation (state transition / matrix verification)
+ Static analysis
+ Environment verification (hardware, drivers, kernel, OS, updates, library versions)
I’d rather stick to assurance methodologies instead of focusing on risk mitigation, yet another large beast that needs taming.