TY - JOUR
T1 - Striving for correctness
JF - Computers & Security
Y1 - 1995
A1 - Abrams, Marshall D.
A1 - Zelkowitz, Marvin V
KW - Assurance
KW - belief
KW - correctness
KW - Formal Methods
KW - MATHEMATICAL MODELS
KW - metrics
KW - Process models
KW - Risk management
KW - Security testing
KW - Silver bullets
KW - simulation
KW - Trustworthiness
AB - In developing information technology, you want assurance that systems are secure and reliable, but you cannot have assurance or security without correctness. We discuss methods used to achieve correctness, focusing on weaknesses and approaches that management might take to increase belief in correctness. Formal methods, simulation, testing, and process modeling are addressed in detail. Structured programming, life-cycle modeling like the spiral model, use of CASE tools, use of formal methods, object-oriented design, reuse of existing code are also mentioned. Reliance on these methods involves some element of belief since no validated metrics on the effectiveness of these methods exist. Suggestions for using these methods as the basis for managerial decisions conclude the paper.
VL - 14
SN - 0167-4048
UR - http://www.sciencedirect.com/science/article/pii/0167404895000224
CP - 8
M3 - 10.1016/0167-4048(95)00022-4
ER -