VU 10
DI Dr. Bernhard K. Aichernig
Institut für Softwaretechnologie (IST), TU Graz
Summer semester 2012
DI Dr. Bernhard K. Aichernig, Quality Assurance in Software Development
Lecture overview
1 Quality of Open Source Software (OSS)
Definition, characteristics and motivation
Data
Apache and Mozilla studies
Characteristics of OSS
Source code is available (usually over the Internet)
Source code can and may be modified according to the user's needs.
Free of charge, at least for non-commercial use
Note: Free OSS (FOSS) refers to free use
Governed by very liberal licenses: copyleft instead of copyright!
Claim: high quality through a distributed, self-motivated development team and parallel code inspection.
Examples: Linux, Apache, Mozilla Firefox, etc.
Terminology
Free Software: copyleft OSS, with emphasis on the political and ethical motivation for sharing programs. GNU project.
Open Source Software (OSS): emphasis on technology and process.
Free OSS: a combination of the two above.
Freeware: free of charge, typically without source code, under copyright.
Shareware: distributed like freeware, but requires payment after a trial period or for more functionality (full version).
Adware: distributed as freeware, but with advertisements.
Public domain software: no copyright, can be distributed without payment.
OSS Definition
according to the Open Source Initiative (OSI):
Free redistribution
The program must include source code, and must allow distribution in source code as well as compiled form
The license must allow modifications and derived works, and must allow them to be distributed under the same terms as the license of the original software.
The license must explicitly permit distribution of software built from modified source code.
The license may require derived works to carry a different name or version number from the original software
The license must not discriminate against any person or group of persons
OSS Definition (cont.)
The license must not restrict anyone from making use of the program in a specific field of endeavor
The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties
The rights attached to the program must not depend on the program’s being part of a particular software distribution
The license must not place restrictions on other software that is distributed along with the licensed software
No provision of the license may be predicated on any individual technology or style of interface (technological neutrality)
OSS development process
Developers are mostly volunteers; more recently also companies.
Developers are also users: no gap between domain expert and software engineer.
Developers choose their own part of the work
Developers are geographically distributed; electronic communication.
Published source code is inspected and tested by many people in parallel
Frequent releases: in the early Linux project, Linus Torvalds released more often than once a day.
Electronic version control (e.g. CVS) and bug tracking system (Bugzilla).
GNU Manifesto
Motivation for FOSS: quality and sharing! From Stallman’s GNU Manifesto:
I consider that the golden rule requires that if I like a program I must share it with other people who like it.
Software sellers want to divide the users and conquer them, making each user agree not to share with others.
I refuse to break solidarity with other users in this way. I cannot in good conscience sign a nondisclosure agreement or a software license agreement.
For years I worked within the Artificial Intelligence Lab to resist such tendencies and other inhospitalities, but eventually they had gone too far: I could not remain in an institution where ...
GNU Manifesto (cont.)
... where such things are done for me against my will.
Many programmers are unhappy about the commercialization of system software. It may enable them to make more money, but it requires them to feel in conflict with other programmers in general rather than feel as comrades.
The fundamental act of friendship among programmers is the sharing of programs... The purchaser of software must choose between friendship and obeying the law. Naturally, many decide that friendship is more important.
By working on and using GNU rather than proprietary programs, we can be hospitable to everyone and obey the law.
GNU serves as an example to inspire and a banner to rally others to join us in sharing. This can give us a feeling of harmony which is impossible if we use software that is not free. For about half the programmers I talk to, this is an important happiness that money cannot replace.
GNU Manifesto (cont.)
Once GNU is written, everyone will be able to obtain good system software free, just like air.
This means much more than just saving everyone the price of a Unix license. It means that much wasteful duplication of system programming effort will be avoided. This effort can go instead into advancing the state of the art.
A user who needs changes in the system will always be free to make them himself, or hire any available programmer or company to make them for him. Users will no longer be at the mercy of one programmer or company which owns the sources and is in sole position to make changes.
Schools will be able to provide a much more educational environment by encouraging all students to study and improve the system code.
GNU Manifesto: Support
Objections regarding support
Nobody will use it if it is free, because that means they can’t rely on any support.
You have to charge for the program to pay for providing the support.
Stallman replies:
If people would rather pay for GNU plus service than get GNU free without service, a company to provide just service to people who have obtained GNU free ought to be profitable.
We must distinguish between support in the form of real programming work and mere handholding. The former is something one cannot rely on from a software vendor. If your problem is not shared by enough people, the vendor will tell you to get lost.
Market share of OSS (2010)
The most popular web server is OSS: 49% market share (May 2010)
Source: www.netcraft.com
Market share of OSS (2011)
The most popular web server is OSS: 59% market share (January 2011)
Source: www.netcraft.com
Market share of OSS (2012)
The most popular web server is OSS: 65% market share (January 2012)
Source: www.netcraft.com
Reliability: web hosting
Most reliable web hosting providers, Jan 2011:
Source: www.netcraft.com
Security
J.S. Wurzler Underwriting Managers’ ’hacker insurance’ costs 5-15% more if Windows is used instead of Unix or GNU/Linux for Internet applications (2001).
Walter Kopf, senior vice president: ’We have found out that the possibility for loss is greater using the NT system.’
Most defaced websites are hosted on Windows:
59% Windows, 21% Linux (Aug. 1999 - Dec. 2000)
66.09% Windows, 17.01% GNU/Linux, out of 20,260 defaced websites (July 2001)
IIS was attacked 1,400 times more often than Apache in 2001, and Windows was attacked more often than all versions of Unix combined.
Security (cont.)
The Gartner Group recommends that companies switch from Microsoft IIS to Apache or iPlanet because of IIS's past security problems
Companies had spent 1.2 billion USD by July 2001 on fixing vulnerabilities.
50% of Windows vulnerabilities are critical, compared with 10% in Red Hat (Nicholas Petreley’s analysis, October 2004)
Red Hat responded to advisories faster than Microsoft or Sun:
Red Hat 11.23 days from bug to patch, Microsoft 16.10 days, Sun 3 months (1999).
Viruses are far more common on Windows: 60,000 viruses are known for Windows, 40 for Linux (2004).
92% of Linux systems have never been infected (Evans Data, 2004), mine included.
Non-quantitative quality aspects
OSS protects against the risks and disadvantages of single-source solutions:
Vendor lock-in is a well-known antipattern (more problems than solutions).
Microsoft Licensing 6.0 program: 80% had a negative attitude; the new costs for Software Assurance (maintenance) (25% of the list price for servers and 29% for clients) are the highest in the industry.
Windows XP Product Activation: a license no longer grants the right to an unlimited number of reinstallations (e.g. after hardware changes).
Apache and Mozilla studies
by A. Mockus et al., 2002.
Study by Lucent Technologies’ Bell Laboratories
Two case studies: Apache and Mozilla
The process parameters of successful OSS projects were examined and compared with those of industrial projects.
One of the authors is a member of the Apache core developer team.
Data sources: mailing lists, CVS, problem report databases (BUGDB and Bugzilla).
Results are given in the form of hypotheses.
Hypothesis 1
Open source developments will have a core of developers who control the code base, and will create approximately 80% or more of the new functionality.
If this core group uses only informal ad hoc means of coordinating their work, the group will be no larger than 10 to 15 people.
Hypothesis 2
If a project is so large that more than 10 to 15 people are required to complete 80% of the code in the desired time frame, then other mechanisms, rather than just informal ad hoc arrangements, will be required in order to coordinate the work.
These mechanisms may include one or more of the following: explicit development processes, individual or group code ownership, and required inspections.
Hypothesis 3
In successful open source developments, a group larger by an order of magnitude than the core will repair defects, and a yet larger group (by another order of magnitude) will report problems.
Hypothesis 4
Open source developments that have a strong core of developers but never achieve large numbers of contributors beyond that core will be able to create new functionality but will fail because of a lack of resources devoted to finding and repairing defects.
Hypothesis 5
Defect density in open source releases will generally be lower than commercial code that has only been feature-tested, that is, received a comparable level of testing.
Hypothesis 6
In successful open source developments, the developers will also be users of the software.
Hypothesis 7
OSS developments exhibit very rapid responses to customer problems.
References
A. Mockus, R.T. Fielding, J.D. Herbsleb. Two Case Studies of Open Source Software Development: Apache and Mozilla, ACM Transactions on Software Engineering and Methodology, Vol. 11, No. 3, July 2002, Pages 309–346.
David A. Wheeler. Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers. www.dwheeler.com/oss_fs_why.html