If Adam Kolawa had his way, there would be no such thing as "error correction" in the software-development industry. Kolawa is CEO of Monrovia, Calif.-based Parasoft, a company that specializes in software development tools and services. He's also a passionate advocate for an industrywide commitment to error prevention, rather than the currently predominant approach of accepting bugs as part of the development process and correcting them piecemeal. "Sophisticated error prevention is the sign of a mature industry," Kolawa says. "Right now, the software industry is still going through growing pains."
And, like it or not, costly software errors continue to be a reality amid those growing pains. So Kolawa preaches a five-step approach in which a company corrects an existing problem and also puts the pieces in place to prevent future ones. Besides drastically reducing its own errors, this prevention-focused approach also allows the company to better anticipate and protect against errors that occur industrywide. "In the first approach, you learn from your own mistakes," Kolawa says. "But in the second, you learn from others' mistakes, which is far more cost-effective."
This chart shows how an ounce of prevention can be worth a pound of cure:
1 Identify the error
For some reason, a bank's Java-based transaction-processing system is double-debiting certain charges to customer accounts. This is costing the bank staff time correcting the problem with customers and vendors, and generating and mailing corrected statements.
2 Correct the error
A review by the development team reveals that the database runs out of space about every 10,000th transaction. The Java code throws out an exception, which cleans the database and restarts the system. But it begins again with the same item that it ended with, thus debiting it twice. In simple error correction, developers would correct the code and stop here.
3 Find the origin
Now it's time to dig deeper. The error was the result of a specific section of code that was not closed out correctly and failed to roll the transaction back to its original state. The error was introduced in a code update three months ago. There are wider problems- in the development process of faulty code and insufficient testing- that must be addressed.
4 Prevent other errors
Search all Java application code systemwide for similar occurrences of the coding error to ensure that no other problems are looming. And don't stop there. Stay abreast of problems other companies have had with systems similar to yours. For example, hackers have recently targeted Structured Query Language (SQL) databases in an attack known as SQL Injection. Configure your automated error-prevention software to scan your SQL systems to look for and prevent the code vulnerabilities associated with this attack.
5 Monitor the system
Step by step, the automated error-prevention software will develop a library of potential threats and their telltale signs, and scan the system for problems on a nightly basis. Corrected processes are monitored to ensure they continue to behave. All code updates and system changes are checked to ensure that no new problems are introduced.
No comments:
Post a Comment