Ernesto Guisado's Website: Marcus Ranum on static analysis
Ranum runs Fortify on his 1994 Firewall Toolkit (FWTK) and tells about it
(Via Reg Developer). Dijkstra and C.A.R. Hoare though (not a bad thing!):
The more complicated the program is, the harder it is to get it right. It’s really hard to tell the difference between a program that works and one that just appears to work. (Ranum)
Simplicity is prerequisite for reliability. (Dijkstra)
There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult. (C.A.R. Hoare)
There is another bit that I think sums up Dijkstra’s approach to programming:
I now suggest that we confine ourselves to the design and implementation of intellectually manageable programs (Dijkstra, The Humble Programmer).
By “intellectually manageable”, Dijkstra means being able to construct a proof of correctness for the program. Software development is difficult and we need all the help we can get. I agree with Ranum that static analysis tools play an important role.