Qualit¨atssicherung in der Softwareentwicklung VU 10 DI Dr. Bernhard K. Aichernig

(1)

VU 10

DI Dr. Bernhard K. Aichernig

Institut f¨ur Softwaretechnologie (IST) TU Graz

Sommersemester 2012

DI Dr. Bernhard K. Aichernig Qualit¨atssicherung in der Softwareentwicklung

(2)

Ubersicht der Vorlesung ¨

1

Qualit¨ at von Open Source Software (OSS) Definition, Charakteristika und Motivation Daten

Apache und Mozilla Studien

(3)

Charakteristika von OSS

Quelltext (source) ist verf¨ ugbar (normalerweise ¨ uber das Internet)

Quelltext kann und darf modifiziert werden, nach Bedarf des Benutzers.

Gratis, zumindest f¨ ur nicht-kommerzielle Nutzung

Achtung: Free OSS (FOSS) bezieht sich auf freie Nutzung Wird durch sehr liberale Lizenzen geregelt: Copyleft statt Copyright !

Anspruch: Hohe Qualit¨ at durch ein verteiltes, selbstmotiviertes Entwicklungsteam und parallele Programminspektion (code inspection).

Beispiele: Linux, Apache, Mozilla Firefox, etc.

(4)

Terminologie

Free Software: copy-left OSS, Betonung auf politische und ethische Motivation Programme zu teilen. GNU Projekt.

Open Source Software (OSS): Betonung auf Technologie und Prozeß.

Free OSS: Kombination aus Obigen.

Freeware: gratis, typischerweise ohne Quelltext, mit Copyright.

Shareware: Distribution ¨ ahnlich wie Freeware, erfordert aber Bezahlung nach Testperiode oder f¨ ur mehr Funktionalit¨ at (Vollversion).

Adware: Distribution als Freeware, aber mit Werbungseinschaltungen.

Public Domain SW: : Kein Copyright, kann ohne Bezahlung

verteilt werden.

(5)

OSS Definition

nach Open Source Initiative (OSI):

Free redistribution

The program must include source code, and must allow distribution in source code as well as compiled form

The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.

The license must explicitly permit distribution of software built from modified source code.

The license may require derived works to carry a different name or version number from the original software

The license must not discriminate against any person or group of persons

(6)

OSS Definition (cont.)

The license must not restrict anyone from making use of the program in a specific field of endeavor

The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties

The rights attached to the program must not depend on the program’s being part of a particular software distribution The license must not place restrictions on other software that is distributed along with the licensed software

No provision of the license may be predicated on any

individual technology or style of interface (technological

neutrality)

(7)

OSS Entwicklungsprozeß

Entwickler sind meistens Freiwillige; in letzter Zeit auch Firmen.

Entwickler sind auch Anwender: keine Kluft zw.

Dom¨ anenexperte u. SW-Ingenieur.

Entwickler w¨ ahlen ihren Teil der Arbeit aus

Entwickler sind geographisch verteilt; elektronische Kommunikation.

Publizierter Quelltext wird von vielen parallel inspiziert und getestet

H¨ aufige Releases: Im fr¨ uhen Linux-Projekt ver¨ offentlichte Linus Torwalds ¨ ofter als einmal pro Tag.

Elektronische(s) Versionskontrolle (z.B. CVS) und Fehlerverfolgungssystem (Bugzilla).

(8)

GNU Manifesto

Motivation f¨ ur FOSS: Qualit¨ at und Teilen! aus Stallman’s GNU Manifesto:

I consider that the golden rule requires that if I like a program I must share it with other people who like it.

Software sellers want to divide the users and conquer them, making each user agree not to share with others.

I refuse to break solidarity with other users in this way. I cannot in good conscience sign a nondisclosure agreement or a software license agreement.

For years I worked within the Artificial Intelligence Lab to resist

such tendencies and other inhospitalities, but eventually they had

gone too far: I could not remain in an institution where ...

(9)

GNU Manifesto (Forts.)

... where such things are done for me against my will.

Many programmers are unhappy about the commercialization of system software. It may enable them to make more money, but it requires them to feel in conflict with other programmers in general rather than feel as comrades.

The fundamental act of friendship among programmers is the sharing of programs... The purchaser of software must choose between friendship and obeying the law. Naturally, many decide that friendship is more important.

By working on and using GNU rather than proprietary programs, we can be hospitable to everyone and obey the law.

GNU serves as an example to inspire and a banner to rally others to join us in sharing. This can give us a feeling of harmony which is impossible if we use software that is not free. For about half the programmers I talk to, this is an important happiness that money cannot replace.

(10)

GNU Manifesto (Forts.)

Once GNU is written, everyone will be able to obtain good system software free, just like air.

This means much more than just saving everyone the price of a Unix license. It means that much wasteful duplication of system programming effort will be avoided. This effort can go instead into advancing the state of the art.

A user who needs changes in the system will always be free to make them himself, or hire any available programmer or company to make them for him. Users will no longer be at the mercy of one

programmer or company which owns the sources and is in sole position to make changes.

Schools will be able to provide a much more educational

environment by encouraging all students to study and improve the

system code.

(11)

GNU Manifesto: Support

Einw¨ ande bzgl. Support

Nobody will use it if it is free, because that means they can’t rely on any support.

You have to charge for the program to pay for providing the support.

Stallman antwortet:

If people would rather pay for GNU plus service than get GNU free without service, a company to provide just service to people who have obtained GNU free ought to be profitable.

We must distinguish between support in the form of real programming work and mere handholding. The former is something one cannot rely on from a software vendor. If your problem is not shared by enough people, the vendor will tell you to get lost.

(12)

Marktanteile von OSS (2010)

Der popul¨ arste Webserver ist OSS: 49% Marktanteil (Mai 2010)

Quelle: www.netcraft.com

(13)

Marktanteile von OSS (2011)

Der popul¨ arste Webserver ist OSS: 59% Marktanteil (Januar 2011)

Quelle: www.netcraft.com

(14)

Marktanteile von OSS (2012)

Der popul¨ arste Webserver ist OSS: 65% Marktanteil (Januar 2012)

Quelle: www.netcraft.com

(15)

Zuverl¨ assigkeit: Web Hosting

Zuverl¨ assigste Web-Provider, Jan 2011:

Quelle: www.netcraft.com

(16)

Security

J.S. Wurzler Underwriting Managers ’hacker insurance’ kostet 5-15% mehr, wenn man Windows anstatt Unix oder

GNU/Linux verwendet, in Internetanwendungen (2001).

Walter Kopf, senior vice president: ’We have found out that the possibility for loss is greater using the NT system.’

Die meisten defaced Webseiten werden von Windows gehostet:

59% Windows, 21% Linux (Aug. 1999 - Dez. 2000)

66.09% Windows, 17.01% f¨ ur GNU/Linux, von 20,260 defaced Webseiten (Juli 2001)

IIS wurde 1,400 mal ¨ ofter angegriffen als Apache in 2001, und Windows wurde ¨ ofter attakiert als alle Versionen von Unix zusammen.

IIS wurde 1,400 mal ¨ ofter angegriffen als Apache in 2001, und

Windows wurden ¨ ofter angegriffen als alle Versionen von Unix

zusammen.

(17)

Security (Forts.)

Die Gartner Group empfiehlt, dass Firmen von Microsoft IIS auf Apache oder iPlanet wechseln, wegen der

Sicherheitsprobleme mit IIS in der Vergangenheit

Firmen haben bis Juli 2001 1,2 Milliarden USD ausgegeben um Vulnerabilities zu beheben.

50% der Windows Schwachstellen sind kritisch, verglichen mit 10/in Red Hat (Analyse von Nicholas Petreley’s, October 2004)

Red Hat antwortete schneller als Microsoft oder Sun auf Advisories:

Red Hat 11,23 Tage vom Bug zum Patch, Microsoft 16.10 Tage, Sun 3 Monate (1999).

Viren kommen viel ¨ ofter in Windows vor: 60,000 Viren sind f¨ ur Windows bekannt, 40 f¨ ur Linux (2004).

92% der Linux-Systeme wurden nie infiziert (Evans Data, 2004) — meines inkludiert.

(18)

Nicht-Quantitative Qualit¨ atsaspekte

OSS sch¨ utzt vor Risiken und Nachteilen von Single-Source L¨ osungen:

Vendor Lock-In ist ein gut bekanntes Antipattern (mehr Probleme als L¨ osungen).

Microsoft Licensing 6.0 Programm: 80% hatten eine negative Einstellung; Neue Kosten f¨ ur Software Assurance (Wartung) (25% des Listenpreises von Server and 29% von Clients) sind die h¨ ochsten in der Industrie.

Windows XP Produkt Activation: Eine Lizenz gibt nicht mehr L¨ anger das Recht auf unbeschr¨ ankte Anzahl von

Reinstallationen (z.B. bei Hardware¨ anderungen).

(19)

Apache und Mozilla Studien

von A. Mockus et al. 2002.

Studie von Lucent Technologies’ Bell Laboratories Zwei Fallstudien: Apache und Mozilla

Es wurden die Prozeßparameter von erfolgreichen OSS Projekten untersucht und mit industriellen Projekten verglichen.

Einer der Autoren ist Mitglied des Apache-Kernentwicklerteams.

Datenquellen: Mailing-Listen, CVS,

Problemreportdatenbanken (BUGDB und Bugzilla).

Ergebnisse in Form von Hypothesen.

(20)

Hypothese 1

Open source developments will have a core of developers who control the code base,

and will create approximately 80% or more of the new functionality.

If this core group uses only informal ad hoc means of

coordinating their work, the group will be no larger than 10 to

15 people.

(21)

Hypothese 2

If a project is so large that more than 10 to 15 people are required to complete 80% of the code in the desired time frame,

then other mechanisms, rather than just informal ad hoc arrangements, will be required in order to coordinate the work.

These mechanisms may include one or more of the following:

explicit development processes, individual or group code ownership, and required inspections.

(22)

Hypothese 3

In successful open source developments, a group larger by an order of magnitude than the core will repair defects,

and a yet larger group (by another order of magnitude) will

report problems.

(23)

Hypothese 4

Open source developments that have a strong core of developers

but never achieve large numbers of contributors beyond that core

will be able to create new functionality

but will fail because of a lack of resources devoted to finding and repairing defects.

(24)

Hypothese 5

Defect density in open source releases will generally be lower than commercial code

that has only been feature-tested, that is, received a

comparable level of testing.

(25)

Hypothese 6

In successful open source developments, the developers will also be users of the software.

(26)

Hypothese 7

OSS developments exhibit very rapid responses to customer

problems.

(27)

Literatur

A. Mockus, R.T. Fielding, J.D. Herbsleb. Two Case Studies of Open Source Software Development: Apache and Mozilla, ACM Transactions on Software Engineering and Methodology, Vol. 11, No. 3, July 2002, Pages 309–346.

David A. Wheeler. Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers.

www.dwheeler.com/oss fs why.html