Why is software quality important to security? What specific steps can an organization take to ensure software quality?
What will be an ideal response?
Software errors pose a constant threat to information systems, causing untold losses in productivity. The growing complexity and size of software programs, coupled with demands for timely delivery to markets, have contributed to an increase in software flaws or vulnerabilities. A major problem with software is the presence of hidden bugs or program code defects. Studies have shown that it is virtually impossible to eliminate all bugs from large programs. Flaws in commercial software not only impede performance but also create security vulnerabilities that open networks to intruders.

To correct software flaws once they are identified, the software vendor creates small pieces of software called patches to repair the flaws without disturbing the proper operation of the software. Organizations must make every effort both to keep purchased software up to date and to make their own software and programming as bug-free as possible by employing software metrics and rigorous software testing.

Ongoing use of metrics allows the information systems department and end users to jointly measure the performance of the system and identify problems as they occur. Examples of software metrics include the number of transactions that can be processed in a specified unit of time, online response time, the number of payroll checks printed per hour, and the number of known bugs per hundred lines of program code. For metrics to be successful, they must be carefully designed, formal, objective, and used consistently.

Early, regular, and thorough testing will contribute significantly to system quality. Good testing begins before a software program is even written, with a walkthrough: a review of a specification or design document by a small group of people carefully selected based on the skills needed for the particular objectives being tested. Once developers start writing software programs, coding walkthroughs can also be used to review program code. However, code must be tested by computer runs. When errors are discovered, the source is found and eliminated through a process called debugging.