commercial realities behind bug testing
The article was about "The importance of bug testing" not "finding every possible bug".
You said "commercial realities don't match", but in fact they do, unless you are a part
of a firm that doesn't consider security and consumer satisfaction as one of its
priorities. Leading software companies will reply to bugs within a few hours, and will
establish a patch after suitable testing has been attributed to various systems. I will
point out that this was the case for the recent telnet client buffer overflow in BSD/Linux
that Synnergy Networks (www.synnergy.net) stumbled upon. The FreeBSD and Slackware security
advisors were quite prompt in answering and working on a patch.
You will find that if say patch A is applied to correct a bug, and patch A is
superseded by patch B to fix a bug that was present in patch A, that this kind
of remedy was a "hot fix" - something to quickly solve the problem. Microsoft
often releases these, but conglomerates them all into a Service Pack (SP) later on -
which will in turn fix the problem.
Testing software is important, no matter what the scenario, or eations
there may be. Although you are quite true in saying *some* circumstances may go
untested because of the potential danger involved, but this article is not specifically
dealing with life threatening mechanisms such as nuclear power plant meltdown. You will
probably also find that these larger machines are fault tolerant, most software (the kind
available on the net or stores) is not fault tolerant because of the exceeding monetary
pricing, far beyond reach for the normal consumer. Additionally, these fault tolerant
systems are often run through simulations to test for presence of bugs, but be assured
life critical systems like this are thoroughly tested before being implemented.