On 1/17/2012 9:25 AM, Les Mikesell wrote:
On Tue, Jan 17, 2012 at 11:12 AM, Bennett Haselton bennett@peacefire.org wrote:
Pretty much all software testing is predicated on this notion -- that as you find and fix more bugs (of any kind, not just security bugs), eventually the mean time to find the next bug should get larger. Otherwise, what's the point, if at the end of all your testing and fixing, users keep running into bugs at the same frequency as before?
Look through the changelogs of any major application or the kernel itself. See if it looks like the world is running out of bugs.
Well, if the software itself is constantly being modified in other ways (addition of new features) then of course you'll never run out of new bugs either :) But even for software where the features are frozen, bugs in a given category should eventually get harder to find, and/or should be less severe than at the beginning of the cycle (which seemed to be the case whenever I worked in testing).
If this were not the case, then what would even be the point of doing any testing and bug-fixing at all? Unless you expect that eventually the remaining bugs become rarer or less severe.
Bennett