
the input. These concurrent programming flaws are much harder to detect and correct.

Testing is much more challenging for security, but one approach is to use a tiger team as the adversaries who perform penetration tests. The team reports the uncovered vulnerabilities back to the developers.

Summary

Given the importance of keeping the users' trust, non-functional features can be more important than functional features, especially for SaaS apps.

The Plan-and-Document processes speak little about performance, except as a potential piece of the System Requirement Specification that is later validated as part of the Master Test Plan.

Releases, considered part of Configuration Management, are significant events in Plan-and-Document processes. A release wraps up everything about the project at that time, including documentation about how the release was made as well as the code, configuration files, data, and product documentation.

Redundancy is the key to dependable systems, with highly available systems aiming at no single point of failure. The Mean Time To Failure is a function of the whole system, including hardware and operators along with the software. Another way to improve availability that is easier to measure than MTTF is to concentrate on reducing Mean Time To Repair.

Unlike the probabilistic basis for failures in dependability analysis, security is based on an intelligent adversary who is purposely exploiting unexpected events, such as buffer overflows.

Self-Check 12.10.1. Besides buffer overflows, arithmetic overflows, and data races, list another potential bug that can lead to a security problem by violating one of the three security principles listed above.

One example is improper initialization, which could violate the principle of fail-safe defaults.

12.11 Fallacies and Pitfalls

Fallacy: All the extra effort for testing very rare conditions in Continuous Integration tests is more trouble than it’s worth.

At 1 million hits per day, a “rare” one-in-a-million event is statistically likely every day. 1 million hits per day was Slashdot’s volume in 2010. At 8 billion (8 × 10^9) hits per day, which was Facebook’s volume in 2010, 8,000 “one-in-a-million” events can be expected per day. This is why code reviews at companies such as Google often focus on corner cases: at large scale, astronomically unlikely events happen all the time (Brewer 2012). The extra resilience provided by error-handling code will help you sleep better at night.
Fallacy: The app is still in development, so we can ignore performance.

It’s true that Knuth said that premature optimization is the root of all evil “...about 97% of the time.” But the quote continues: “Yet we should not pass up our opportunities in that critical 3%.” Blindly ignoring design issues such as lack of indices or needless repeated queries is just as bad as focusing myopically on performance at an early stage. Avoid truly egregious performance mistakes and you will be able to steer a happy path between two extremes.
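Self-Check 12.10.1 above names improper initialization as a bug that violates fail-safe defaults. The sketch below is an added example, not code from the book: it runs the same authorization check with a permissive and a deny-first initial value and returns the requests on which the two disagree. The policy table, the `PolicyStoreError` class, the function names and the sample requests are all constructed for illustration.

```python
# Constructed sample policy (not from the book): role -> permitted actions.
POLICY = {"admin": {"read", "write", "delete"}, "viewer": {"read"}}

class PolicyStoreError(Exception):
    """Raised when the hypothetical policy store cannot be read."""

def lookup(role, store_up=True):
    """Return the role's action set, or None if the role is unknown."""
    if not store_up:
        raise PolicyStoreError("policy store unavailable")
    return POLICY.get(role)

def is_allowed_fail_open(role, action, store_up=True):
    allowed = True  # improper initialization: permissive before any check
    try:
        actions = lookup(role, store_up)
        if actions is not None:
            allowed = action in actions
    except PolicyStoreError:
        pass  # error path leaves the permissive initial value in place
    return allowed

def is_allowed_fail_safe(role, action, store_up=True):
    allowed = False  # fail-safe default: deny until a rule grants access
    try:
        actions = lookup(role, store_up)
        if actions is not None:
            allowed = action in actions
    except PolicyStoreError:
        pass  # error path keeps the deny default
    return allowed

# Constructed requests: (role, action, store_up)
CASES = [
    ("admin", "delete", True),    # known role, granted
    ("viewer", "delete", True),   # known role, denied
    ("intern", "delete", True),   # role missing from the policy
    (None, "write", True),        # request with no role attached
    ("viewer", "delete", False),  # policy store down
]

def disagreements(cases):
    """Return the cases the two versions decide differently."""
    return [c for c in cases
            if is_allowed_fail_open(*c) != is_allowed_fail_safe(*c)]

if __name__ == "__main__":
    for case in disagreements(CASES):
        print("fail-open grants, fail-safe denies:", case)
```

The two versions agree on every request the policy anticipates and differ only on the unknown role, the missing role and the store outage, which is why ordinary functional tests tend not to expose the permissive initial value.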
  • Spring '19
  • Dr.Marcos
