SQL Clone
SQLServerCentral is supported by Redgate
Log in  ::  Register  ::  Not logged in

Software Has Bugs

By Steve Jones,

Every once in awhile I have someone I meet complaining about software quality, usually with regards to some piece of Microsoft software. I'll invariably hear how there shouldn't be bugs in SQL Server or Windows, and Microsoft isn't testing their software. This person will claim that they write software with no bugs. I can't remotely believe this is true, aside from small, somewhat trivial applications. All software has bugs, but there's no way to disprove anyone's assertions unless you can get to their software and examine it.

I do think that some people think their software is more bulletproof than it really is, perhaps because no one really does test the limits of their work. It's easy to assume that there aren't problems when no one has ever probed deeply in the different ways the code might execute. After all, this is one of the reasons that developers turn in code that they think works, but in which others find bugs. They haven't explored enough different inputs against the software. This is also why I think unit testing needs to be constant and evolutionary, growing and changing as you find new issues and bugs in your code.

Recently a vulnerability was found in the Samba software, and apparently it has existed for seven years. This means lots of software was vulnerable, and everyone should be patching as soon as possible. I don't know how many people have port 445 open to the Internet, or even open locally, but plenty of people might now know about the issue, so patching makes sense. Scans of the Internet have turned up hundreds of thousands of devices, some of which are running versions that can't be patched.

This isn't meant to complain about Samba, but point out that this is code that is open source, lots of people have looked at and developed against, and I would guess no shortage of security people have checked this for potential vulnerabilities. And still a bug slips through.

Security isn't hopeless, but it's also hard. Software development, with few boundaries limiting the choices developers can make, allows new interactions among the building blocks of code that have never been seen before. Building code is much, much more complicated than any physical structure because we don't have any of the inherent limits of the physical environment. This means that we will, and do, struggle to test all of our software.

I don't think we'll ever eliminate all bugs, but we can vastly improve quality (as many companies have), by moving to a more DevOps development style where we seek to constantly improve quality as a part of software development. We also have more and more developers also seeking to improve their skills, learning new and better patterns throughout their careers, and hopefully, building better software.

Total article views: 56 | Views in the last 30 days: 1
Related Articles

Rogue Software Changes

Today Steve Jones wonders if software developers would make changes to software on their own, withou...


Database synchronization in the Software Development Life Cycle

Reading the title, most of you are probably thinking: What does database synchronization have to do ...


Tuning People?

Database people are used to changing the hardware of the server on which a problem database resides...


Software Teams

Building a team when you are developing software of any size is important and Steve Jones shares one...


Serverless Software

Today Steve Jones talks about the future of software development and how it might not require develo...