At what time of year is the most insecure software written? And what could account for the seasonal variation?
Data collected by Veracode reveals that the density of bugs in code in in the early stages of the development lifecycle rises dramatically in the autumn.
Whereas the average flaw density in alpha and beta-stage applications for a 2-year period was 24 flaws per megabyte of executable code it peaked in October at 53 flaws per megabyte.
(Click chart to expand)
Fergal Glynn, Director of Marketing at Veracode who produced the chart based on an analysis of thousands of applications early in the development life cycle speculates in an article on Threat Post:
Maybe the build up to Thanksgiving has developers distracted? Are developers adjusting after the Summer break when "the living is easy" and the roads are quiet? Fall brings the extra pressure of dropping kids at school and rushing in the evenings to pick them up after sports. There is also the added pressure to produce a high volume of code to meet end of year deadlines and releases.
The graph raises a question that can be used to provide another explanation. The gap between the median of 3 flaws per megabyte and the average of 24 flaws per megabyte indicates that the sample is very skewed - but as it covers both alpha stage and beta stage projects this is only to be expected. And maybe that provides the clue - the development cycle.
Just as the academic year starts in September, perhaps that is also when new code projects are started. Add to this the phenomenon of a new influx of rooky programmers and the pressure of milestone deadlines prior to the holidays and we have the interaction of three factors: new projects; inexperienced programmers; and deadline pressures; resulting in a surge of bugs.
It seems reasonable to us at least. Programmers are human and subject to the same pressures, including the seasons, as the rest of the world.
To be informed about new articles on I Programmer, subscribe to the RSS feed, follow us on Google+, Twitter, Linkedin or Facebook or sign up for our weekly newsletter.