Keeping an eye on the coders: a new idea to eliminate flawed programs

Here’s an interesting new idea from Microsoft – a radical solution to the problem of buggy code.

The new paper, posed by Redmondian Andrew Begel and a group of Zurich university boffins, suggests managers monitor programmers via EEG, EDA and eye-tracking sensors. These will alert them when the individual is struggling and therefore likely to introduce flawed code.

Now, it sounds like a pretty good idea in theory, and in practice has apparently performed pretty well. But one security expert I spoke to had some major misgivings.

Imperva co-founder and CTO Amichai Shulman argued that it might stray outside the boundaries of what could be construed as “reasonable”.

“I think constantly monitoring the psychological status and the physical conditions of programmers seems tremendously intrusive and probably strays way off from what I consider to be ‘reasonable means’,” he told me.

“However, I think that even if we review this in the cold eyes of a software professional there are some doubts about the usefulness of this method in general and its application to security vulnerabilities in particular.”

The first doubt he had relates to the tremendous commercial pressure coders are under to release “more functionality in less time”.

“On their way to achieving higher rates of LOC/sec, programmers as well as their employers are willing to sacrifice other attributes of the code such as efficiency, readability and also correctness – assuming that some of these will be corrected later during testing cycles and some will not be critical enough to be ever fixed,” he explained.

“If we introduce a system that constantly holds back on programmers because they are stressed for some reason we will effectively introduce unbearable delays into the project which will of course put more pressure on those who perform the job when schedule becomes tight.”

This is not to mention the fact that programmers should, at times, be “over” challenged to keep them sharp and happy with their roles.

“Additionally, there’s a big question of whether we can have a system like that which can make a distinction between making a critical mistake or a minor one, which again impacts its ability to have a positive effect on the software development process in general,” said Shulman.

Then, of course, there’s the issue of what kinds of flaws the system will root out.

“I think that most security related mistakes are introduced inadvertently as a consequence of the programmer not having the faintest idea regarding the potential implication of some implementation decision,” he argued. “This is the case with SQL injection, XSS, RFI and many more vulnerability types.”

So, bottom line: nice idea Microsoft, but it’s probably not going to solve the problem of poor coding anytime soon. Until something genuinely revolutionary comes along we’ll probably have to stick to the usual suspects to reduce risk: security tools, patching, better QA and testing.

Come in Agent Elop, your work is done

It’s finally happened. Microsoft today announced it is buying most of Nokia’s mobile phone business for a bargain €5.44bn (£4.62bn) in cash.

The deal will see Redmond snap up the Finnish giant’s Devices and Services business for €3.79bn (£3.2bn) and license Nokia’s patents for €1.65bn (£1.4bn).

It’s a dramatic last roll of the dice for outgoing CEO Steve Ballmer and neatly brings back former Redmondite Stephen Elop into the fold.

He’ll be stepping aside as Nokia boss to become EVP of Devices and Services, but must be one of the favourites now to succeed Ballmer. If so, this will be one of the most expensive pieces of headhunting in corporate history.

Nokia’s chairman of the board Risto Siilasmaa will take the reins as interim CEO while the deal goes through the usual shareholder and regulatory approvals. Microsoft said it expects the transaction to close in Q1 2014, all being well.

For Microsoft the deal is proof if any were needed that it’s no longer a software company, that it sees success in the smartphone space as crucial to its future and that it can’t rely on a partner like Nokia to deal with the hardware side of things.

A few things occur to me:

  • HTC and RIM will be pretty disappointed – who are they going to get to buy up their failing businesses now?
  • Agent Elop has now been recalled after 2 years out in the field persuading Nokia’s board to sell to Microsoft. Job done – you may now progress to Microsoft CEO.
  • China’s up and coming smartphone poster child Xiaomi was recently valued at $10bn, nearly $2bn more than Nokia at this sale. Surely over-inflated.
  • This deal, while it could theoretically ensure phones get out faster to market, is not going to make life any easier for Microsoft or its new Nokia Devices and Services division. Especially in Asia. Its lack of apps will still hold it back.
  • Is Nokia still Europe’s largest technology firm? Over 30,000 staff will now be Microsofties but it still has over 50,000 employees on its books working on the reasonably profitable NSN biz and location services. It should be in pretty good shape.

IDC analyst Bryan Ma told me that the deal would give Microsoft a shortcut or “jump start” into the hardware space, but could end up alienating OEM partners.

“It’s got device, manufacturing, economies of scale, and channels to sell into which would have all taken it longer to grow organically, as well as valuable patents,” he argued.

“My concern is as much as this can help it doesn’t solve the biggest problem facing Windows Phone and Windows 8 on tablet and PC – it doesn’t have enough apps to make a compelling platform.”

Tellingly, Microsoft only devotes one bullet point on the app ecosystem in a mammoth 27-slide presentation explaining its strategic rationale, he pointed out.

Ma added that the deal could end up alienating more OEM partners.

“The whole debate Microsoft got into when it released Surface was that its hardware partners like Acer said it was stepping on their toes. This will raise questions over whether this is more salt in the wounds for them.”

As for smartphone OEMs, well, Windows Phone has very few of those beyond Nokia anyway, so it will step on fewer toes, he said.

However, I’d agree with Canalys VP research Rachel Lashford that it’s not exactly going to attract any more into the fold either.

“It reminds me of a decade ago when Nokia owned Symbian and tried to license it out but it didn’t work out,” she told me. I can’t think of many OEM vendors that would fancy going head-to-head with Microsoft on Windows Phone now.

As for Asia-specific repercussions, well I’ll be taking a look at those – and there should be some given Nokia’s legacy in India and Microsoft’s desire to crack China – in my next post.