17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana


Panel - How Useful is Software Fault Injection?

Chair:
Jim Reynolds
Teknowledge
USA

Matt Bishop
University of California at Davis
USA

Anup Ghosh
Cigital
USA

James Whittaker
Florida Institute of Technology
USA

Software fault injection (SFI) is a controversial method for identifying errors and improving software. Many respected researchers believe the method holds promise, including the members on our panel, although with careful qualifications. On the other hand, COTS software manufacturers tend to view the method with skepticism for several reasons. One problem is the difficulty in verifying that injected faults are representative of real world faults. Another is that SFI may not be as efficient in identifying errors in software as more conventional testing. The three panelists explored wide-ranging alternatives to the industry view.