Buggy code to the left of me, perfect source to the right, here I am, stuck in the middle with EU

European project to clean up software hits halfway point

Midway through SUPERSEDE, the EU three-year project backed by €3.25m in funding to make software better, software still sucks.

It's always been thus, but now that computer code has a say in the driving of Teslas, confronts everyone daily on smartphones, and has crept into appliances, medical devices, and infrastructure, it's a more visible problem.

Robert Vamosi, security strategist at Synopsys, told The Register in a phone interview that software quality matters more than ever.

"We're seeing real-world examples of automobiles remotely attacked and medical devices being suspended when they need to keep functioning," he said. "It's becoming life-critical."

The organizations involved in SUPERSEDE – ATOS, Delta Informatica, SEnerCon, Siemens, Universitat Politècnica de Catalunya (UPC), the University of Applied Sciences and Arts Northwestern Switzerland (FHNW), and the University of Zurich (UZH) – aim to improve the user experience of their software products with a toolkit to provide better feedback and analytics data to application developers.

This telemetry is supposed to help programmers improve their work by seeing how it survives in the hands of normal people.

ATOS intends for its SUPERSEDE-based Smart Player media app to be dynamically configurable and to collect and analyze user feedback in real time. Siemens is using the toolkit to collect feedback from those using its Smart City Platform API management system, to understand how publishers and application developers are using the platform. SEnerCon, meanwhile, sees the toolkit as a way to reduce the rate at which people abandon its interactive Energy Savings Account.

By early 2018, the IT companies and academics involved in the project aim to release their toolkit. Certainly, there's room to make software better, but the need goes beyond usability.

CAST Software, which provides products to measure software quality, last week released its study of the structural quality of IT applications. The firm found that the cost to fix the average business application once it becomes operational exceeds $1 million.

CAST conducted an automated analysis to assess the structural quality of 288 IT applications from 78 companies in various industries. Based on some 108 million lines of code, CAST estimated which problems would need to be fixed and concluded that it would cost about $2.82 per line of code to make those repairs. Given that the average application had 374,000 lines of code, that translates into a projected cost of about $1,055,000 per application.

Software sucks money. But that turns out to be a decent business model with recurring revenue.

Yet if software developers were to suddenly become capable of writing bug-free, secure code, Vamosi thinks the industry would survive. "Then we'd be free to innovate," he said. "But we're a long way from having that happen." ®
