Blind Faith and Black Code

Gandhi once said, “Faith should be enforced by reason; if it becomes blind it dies.” The same message is at the core of Dr. Bill Curtis’s “fourth wave in software engineering”, which holds that faith in your application software should be enforced with measurement.

The “third wave of software engineering”, which was process driven, gave a method to the madness of software development: it brought the much needed discipline, rigor, and standardized approach. After a brief lull in software engineering activity there is some excitement again, as the fourth wave unfolds. Software Analysis and Measurement (SAM), which is at the heart of the new measurement-based approach to the software engineering discipline, is being developed to address the issue of measurement. SAM focuses on the actual output of software development: the code itself. You can learn more about SAM and the fourth wave at the CISQ website; CISQ is sponsored by OMG and SEI to develop the new standards.

More importantly, I would like to propose a new term today that can be measured, monitored and used in the context of SAM: “Black Code”. Analyzing the code with static analysis tools is one of the core requirements of SAM, and the output of that analysis is mined to provide insights that feed into management decision support systems. As organizations start adopting SAM practices, they will need a way to measure what portion of the code is actually analyzed and how much risk exposure they carry from the unanalyzed portion. That is where the concept of “Black Code” is useful. “Black Code” is the portion of the code which is not analyzed and measured, code into which you have no visibility. Note that a clean report is not the same as visibility: a file the tool never parsed (a vendored library, generated code, a language the tool does not handle) produces no findings either, and that silence is black code, not assurance. The inspiration for the term comes from “Black-Box Testing”, which derives test cases from an external perspective of the test object, without knowledge of its internal structure. In a few years it will be common for executives to ask questions like “How much black code do we have in our system?” I will expand on this concept, and on how it can be measured and used, in the next few blogs, but for now I just want to get some initial feedback.
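One way to turn the “black code” idea into a number, as an added illustration that is not part of the original post: take the full inventory of source files in a build, take the set of files a static-analysis run actually processed, and report the lines of code that fall in the gap, broken down by component. Everything here is constructed for the example. The repository inventory is a hypothetical list of paths and line counts (in practice generated with a tool such as `cloc` or a walk of the source tree), and the analysis report is a minimal hand-written SARIF 2.1.0 document from a hypothetical Java-only analyser; the `BlackCodeReport`, `analysed_files` and `black_code` names are this example’s own.

```python
import json
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed inventory of every source file in the build, as (path, lines of code).
# Generate this from the build tree itself so that vendored, generated and
# non-primary-language files are all counted, not just what the analyser saw.
REPO_INVENTORY = [
    ("src/main/java/app/Login.java", 240),
    ("src/main/java/app/Orders.java", 410),
    ("src/main/resources/schema.sql", 120),   # SQL the Java analyser never parses
    ("web/static/cart.js", 300),              # browser code outside the Java scan
    ("vendor/legacy-parser/parse.c", 900),    # third-party C, excluded from the scan
]

# Constructed, minimal SARIF 2.1.0 report from a hypothetical Java-only analyser.
# Only the two Java files appear as artifacts; one of them produced a finding.
ANALYSIS_REPORT = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "hypothetical-java-analyser"}},
        "artifacts": [
            {"location": {"uri": "src/main/java/app/Login.java"}},
            {"location": {"uri": "src/main/java/app/Orders.java"}},
        ],
        "results": [{
            "ruleId": "HYPO-001",
            "message": {"text": "example finding"},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "src/main/java/app/Login.java"}}}],
        }],
    }],
})


@dataclass
class BlackCodeReport:
    total_loc: int
    black_loc: int
    black_files: list = field(default_factory=list)
    black_by_component: dict = field(default_factory=dict)

    @property
    def black_fraction(self) -> float:
        """Share of lines no analyser looked at (0.0 means full visibility)."""
        return self.black_loc / self.total_loc if self.total_loc else 0.0


def analysed_files(sarif_text: str) -> set:
    """Files the analyser reports having processed.

    Uses runs[].artifacts[] (the tool's own list of parsed files) and also every
    file named in a result, because some tools only emit the latter. Assumes the
    report uses the same repository-relative paths as the inventory.
    """
    doc = json.loads(sarif_text)
    seen = set()
    for run in doc.get("runs", []):
        for art in run.get("artifacts", []):
            uri = art.get("location", {}).get("uri")
            if uri:
                seen.add(uri)
        for res in run.get("results", []):
            for loc in res.get("locations", []):
                uri = (loc.get("physicalLocation", {})
                          .get("artifactLocation", {}).get("uri"))
                if uri:
                    seen.add(uri)
    return seen


def black_code(inventory, sarif_text: str) -> BlackCodeReport:
    """Black code = inventory minus what the analysis actually covered."""
    covered = analysed_files(sarif_text)
    report = BlackCodeReport(total_loc=0, black_loc=0)
    by_component = defaultdict(int)
    for path, loc in inventory:
        report.total_loc += loc
        if path not in covered:
            report.black_loc += loc
            report.black_files.append(path)
            by_component[path.split("/", 1)[0]] += loc   # group by top-level directory
    report.black_files.sort()
    report.black_by_component = dict(by_component)
    return report


if __name__ == "__main__":
    r = black_code(REPO_INVENTORY, ANALYSIS_REPORT)
    print(f"black code: {r.black_loc}/{r.total_loc} LOC ({r.black_fraction:.0%})")
    for component, loc in sorted(r.black_by_component.items()):
        print(f"  {component:8s} {loc:5d} LOC unanalysed")
    for path in r.black_files:
        print("  -", path)
```

Two caveats before trusting the number in practice. Not every tool lists an artifact entry for each file it parsed, so confirm what your analyser writes into `artifacts[]` before reading it as coverage; and SARIF URIs may be absolute or relative to a `uriBaseId`, so normalise both sides to the same repository-relative form or the whole repository will look black.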

To sum it up: “Faith in your code should be enforced with measurement; if you are blind to your code, it becomes black.”
