A software defect can be an error, flaw, failure, or fault in a software program that causes the program to behave in unintended ways or to produce an incorrect or unexpected result. Many software defects stem from mistakes made by a developer in the source code or design, from the tools used to develop the program, or from issues with the framework used to develop it. To address software defects, the program is tested thoroughly at different stages before the program/application is released to a customer/production. As per a recent survey in the field of software testing, approximately 27% of defects get leaked to production in the case of information software, 10% of defects get leaked in the case of commercial software, and 7% of defects get leaked in the case of system software. In spite of strict quality processes and software testing, nearly 40% of these defects/bugs are caused by coding errors.
The cost of resolving a software defect is proportional to its severity and to the time it takes to fix the defect. Typically, a software patch release or a major release is recommended to fix the software defect. However, the software patch release or the major release takes a month to a year on average to reach the customer.
The majority of the coding bugs/defects that exist today in software applications are directly or indirectly related to data validation. Malicious or invalid data inputs to different modules/sub-modules in the software application lead to serious security, data corruption, or availability-related issues. Many software applications perform entry-level validation at user input modules to test standard entry points, but software applications have multiple entry points, such as web services, SDKs, and macros. Hacking attacks generally do not come through standard entry points, but through undocumented usage of modules, data read from corrupted files/registry/database, and the like. Hence, the input validations performed at user input in the testing cycle are not enough to protect the integrity of the software application. Most of the negative tests that are performed, especially in black-box testing, are limited to default/known entry points. Many error types, such as division by zero, arithmetic overflow or underflow, null pointer dereference, use of an uninitialized variable, buffer overflow, and wrong data type, can be prevented if data validations are performed at appropriate stages. Other major reasons for defects are deadlocks, race conditions, and heavy use of resources in a multithreaded environment. These other performance issues are noticed because of improper utilization of resources, a lack of proper timeouts, and a mismatch in the response speed of the system on which the software application is installed.
Many application SDKs/web services are stateful, i.e., they expect an external application to invoke their methods in some specified order. Hence, it is observed that applications are written with minimal validations at each stage, on the assumption that the SDKs/web services would be invoked by trusted applications. Incorrect API usage is another major cause of software defects.
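The two failure modes described above (validation performed only at the user-input form, and a stateful SDK that trusts its callers to follow the call order) are illustrated by the following added example, which is not part of the original text. ReportSession, its methods, ApiMisuse and the MAX_ITEMS bound are hypothetical names chosen for illustration; the checks sit at the module boundary so they apply to every entry point.

```python
from enum import Enum, auto


class State(Enum):
    CREATED = auto()
    OPENED = auto()
    LOADED = auto()


class ApiMisuse(Exception):
    """Raised when a method is called out of order or with invalid data."""


class ReportSession:
    """Hypothetical stateful SDK object: open() -> load() -> average()."""

    MAX_ITEMS = 1000  # assumed bound, chosen for this example

    def __init__(self):
        self._state = State.CREATED
        self._items = []

    def _require(self, expected):
        # Checkpoint 1: enforce the documented call order in every method.
        if self._state is not expected:
            raise ApiMisuse(f"expected {expected.name}, got {self._state.name}")

    def open(self):
        self._require(State.CREATED)
        self._state = State.OPENED

    def load(self, items):
        self._require(State.OPENED)
        # Checkpoint 2: validate data here, not only at the UI form, because
        # SDK, web-service and macro callers never pass through the form.
        if not isinstance(items, list) or len(items) > self.MAX_ITEMS:
            raise ApiMisuse("items must be a list within the size bound")
        if not all(isinstance(x, int) and not isinstance(x, bool) for x in items):
            raise ApiMisuse("items must be integers")
        self._items = list(items)
        self._state = State.LOADED

    def average(self):
        self._require(State.LOADED)
        # Checkpoint 3: guard the arithmetic itself (division by zero).
        if not self._items:
            raise ApiMisuse("no items loaded")
        return sum(self._items) / len(self._items)
```

A caller that skips open(), passes a string instead of a list, or loads an empty list gets an ApiMisuse error at the boundary instead of a crash or a corrupted result deeper in the application.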
Considering the above problems in the art, it is very important to have checkpoints at different levels of the software application, wherein the checks are very specific to context. However, adding programmatic checks at multiple levels of a new application is a time-consuming process because of the extensive coding and testing effort. It is also difficult to address this kind of issue in software applications that are already deployed, because of the extensive rework. Also, throttling of data flow or of the invocation of methods/functions/sub-routines, controlling the number of parallel processes/threads, etc. are critical for software operations to ensure the availability and SLAs (in terms of response time) of certain services. Hence, there is a need to address many of the bugs at the production level and to minimize the wait time caused by patch releases.