Cryptography Reference
In-Depth Information
production. In this regard one no longer speaks merely of “testing” or “quality
assurance,” but instead one hears talk of “quality management” or “total quality
management,” which in part are simply the result of effective marketing, but
which nonetheless cast the issue in the proper light, namely, to consider the
process of software creation in its multifaceted entirety and thereby improve it.
The frequently employed expression “software engineering” cannot blind us to
the fact that this process, as it relates to predictability and precision, as a rule can
scarcely compete with the classical discipline of engineering.
The comparison may be characterized aptly by the following joke: A
mechanical engineer, an electrical engineer, and a software engineer have
decided to take an automobile trip together. They seat themselves in the car, but
it refuses to start. The mechanical engineer says at once, “The problem is with
the motor. The injection nozzle is clogged.” “Nonsense,” retorts the electrical
engineer. “The electronics are to blame. The ignition system has certainly failed.”
Whereupon the software engineer makes the following suggestion: “Let's all get
out of the car and climb back in. Perhaps then it will start.”
Without pursuing the further conversations and adventures of the three
intrepid engineers, let us proceed to consider some of the options that were
implemented in the creation and testing of the FLINT/C package. Above all,
the following references were consulted, which do not exhaust the reader with
abstract considerations and guidelines but get down to concrete assistance in
solving concrete problems, without in the process losing sight of the big picture.
1
Each of these topics contains numerous references to further important literature
on this topic:
•
[Dene] is a standard work that deals with the entire process of software
development. The topic contains many methodological pointers based
on the practical experience of the author as well as many clear and useful
examples. The theme of testing is attacked again and again in connection
with the various phases of programming and system integration, where the
conceptual and methodological fundamentals are discussed together with
the practical point of view, all in conjunction with a thoroughly worked out
example project.
•
[Harb] contains a complete description of the programming language C and
the C standard library, and it gives many valuable pointers and comments
on the prescriptions of the ISO standard. This is an indispensable reference
work to be consulted at every turn.
•
[Hatt] goes into great detail on the creation of security-critical software
systems in C. Typical experience and sources of error are demonstrated
1
The titles named here represent the author's personal, subjective selection. There are many
other topicss and publications that could as well have been listed here but that have been
omitted for lack of space and time.
