We all know, and if you don’t, here’s the news flash of the century:

All software has flaws and vulnerabilities and security problems and bugs and…

Researchers from Colorado State University have come up with a model to predict the number of vulnerabilities a piece of software will have over it’s lifetime. Using statistical data from previous versions and by averaging the number of flaws per X lines of code, the researchers hope this will lead to fewer vulnerabilities in the long run.

I’ll leave the technical details for you to read on your own , but here’s a tidbit that I think is more valuable than any amount of prediction can provide:

Historically, the researchers found that a company’s programming teams tend not to get better, making the same number of mistakes in one version of software as the next.

I predict better training and better programmers will help reduce security problems for us all.

This entry was posted on Tuesday, July 11th, 2006 at 3:53 pm by Anil Polat and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.