I was speaking with software integrity specialist Coverity this week. So what is software integrity you ask? Well it’s pretty much what it sounds like i.e. the process of examining the software stack from the top to the core to ensure that code, components & plug-ins are sitting as they should be – in the shape, form and function that they should be.
Top to bottom you say – how do you mean?
BOTTOM: Well I mean to describe the ‘bottom’ as the core kernel-level code that governs the infrastructural framework of the application stack and overall solution.
TOP: Pass through middleware and GUI layers and you’re somewhere around the top of the application stack and you might just find web services bouncing around here too.
The problem is that all of these code blocks form a sort of patchwork quilt — there is embedded software, there’s hosted third party software, there’s Agile development blocks for front end services, there’s more slowly developed iterative blocks and there are additional elements to weave in between the patches (literally) at every layer.
Logically then, this is the picture that a software integrity company wants to paint to justify the existence of its product and insist that every patch must be the right size and shape.
Coverity chief scientist and co-founder Chou says that as we now move to a more mobile world, the strength of the materials and plans that we use to build our patchwork quilts will be of the utmost importance.
“As with the Windows operating system before it, mobile OSs like Android and iOS are only as good as their underlying code.” Chou notes that shared and reused code is a common source of security vulnerabilities – and most mobile devices are running oodles of it.
So don’t build a software system without a plan, don’t build a software system without some thought to integrity as a determining factor – and don’t stitch a patchwork quilt without some high quality needle and thread.
Not unless you want to lie awake sleepless at night that is.