Damir Rajnovic wrote:
While this is true that only some of the bugs are fixed that fixing canThis is true in the isolation of looking at the cost of fixing any one individual bug, but it is not true in general. Fixing one bug early in the process is cheap and easy. Fixing the *last* bug in a system is astronomically expensive, because the cost of *finding* bugs rises exponentially as you further and further refine it. Worse, you eventually reach a point of equilibrium where your chances of inserting a new bug in the course of fixing a known bug are about even, and it becomes almost impossible to reduce the bug count further.
have unexpectedly high price tag attached. No matter how do you look
at this it _is_ cheaper to fix bugs as soon as possible in the process
(or not introduce them at the first place).
This entire area is rife with mushy psychological issues involving huan's ability to process information correctly. As a result, nearly all of the absolute statements are wrong, and they function only within certain ranges, .e.g. fixing bugs early in development is cheaper than patching in the field, but only within the bounds of digging only so hard for bugs.Personally, I do not see how this can be easily measured.
But even this statement is self-limiting. The above claim is not true (or at least less true) for safety-critical systems like fly-by-wire systems and nuclear reactor controllers, where the cost of failure due to a bug is so high that it is worth paying the extra $$$ to find the residual bugs in the development phase.
My reaction to the feuding over whether it is better to shore up C/C++ or to use newer safer languages like Java and C#: each has their place.
* There are millions of lines of existing C/C++ code running the world. Holding your breath until they are all replaced with type safe code is not going to be effective, and therefore there is strong motive to deploy tools (e.g. StackGuard, RATS, etc.) to improve the safety of this code. * New code should be written in type safe languages unless there is a very strong reason to do otherwise.
-- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com