Group: type checking
Group: user interface
Topic: bugs
Topic: debugging by usage rules
Topic: deletion of information
Topic: defensive programming
Topic: ease of use
Topic: error safe systems
Topic: flavor analysis and typestates for supplementary type checking
Topic: one-way hash function
Topic: prompted input
Topic: resourceful, redundant systems for reliability
Topic: safe use of pointers
Topic: safety critical systems
Topic: self-identifying data structures
Topic: type-safe and secure languages
Topic: undoing actions in a UserInterface
Topic: usability errors
Subtopic: prevent damage
Quote: error handling may prevent damage whether caused by system or user [»hamiM_1978]
Quote: need discipline of relational model to share large quantities of data by non-programmers acting independently
Subtopic: social pressure
Quote: social pressure can lead to misinterpretation, mistakes and accidents; strong influence on everyday behavior [»normDA_1988]
Subtopic: dumb mistake
Quote: everyone makes dumb mistakes; a huge number of bugs are just one step away from a syntax error; e.g., typing || instead of && [»hoveD12_2004]
Quote: bug detectors for thread correctness, performance issue, security violation, usage bug, dropped exception, null pointer, open stream, unchecked return, unconditional wait [»hoveD12_2004]
Quote: it is easy to make expensive programming errors; the EDSAC group developed techniques to avoid or detect errors before execution and to locate errors after execution [»wilkMV_1951]
Quote: a common mistake is to put too much confidence in software; design errors are hard to find and eliminate [»leveNG7_1993]
Quote: Cyclone identified array bound violations in three benchmarks [»jimT6_2002]
Subtopic: usage fault
Quote: the contingency design test begins with user interaction errors; e.g., skip a required field, fix a mistake, check a bad or mistyped URL, try customer support, what if there are no results [»lindM_2004]
Quote: hardware failure modes are more limited than software failures, so hardware interlocks should still be used
Quote: a forcing function constrains a sequence of actions; e.g., ignition switch and interlocks on microwave ovens [»normDA_1988]
Quote: a type specifies the valid operations while a type guard specifies when an operation is valid
Quote: Vault defines type guards for specifying resource management protocols; e.g., operations performed in a valid order, operations required before access, operations that will be performed; enforced at compile time [»deliR6_2001]
Quote: Lisa requires a menu item to eject a disk; prevents errors from removing disk at wrong time [»stewG3_1983]
Quote: Lisa has a software-controlled on/off switch; allows it to preserve the current state [»stewG3_1983]
Subtopic: usability fault
Quote: a capture error occurs when a frequently done activity captures an unfamiliar activity sharing the same initial stages [»normDA_1988]
Quote: be careful of adding a comma between the cycle count and group of operations; otherwise get a sequence
Subtopic: security flaws
Quote: Cyclone is a safe dialect of C; avoids buffer overflows, format string attacks, and memory management errors; static analysis plus run-time checks and annotations [»jimT6_2002]
Quote: CSSV for static analysis of buffer overflows in C; optional contract per procedure reduces to integer expressions; handles heap allocation, multi-level arrays, function pointers, casting; faster than authors' previous algorithm [»dorN6_2003]
Quote: a language is secure if it detects most cases where its concepts break down and produce meaningless results [»brinP4_1999]
Quote: fix security warnings or add annotations; run Splint until done [»evanD1_2002]
Subtopic: policy vs. settings
Quote: prefer policy over tunable settings for security and resource allocation; express in terms of goals; allows audit, avoids user error [»kampPH7_2004]
Subtopic: irreversible action, confirmation
Quote: irreversible actions provide sufficient warning, are difficult to do, or are nonexplorable
QuoteRef: muchSS_1976 ;;368 "Commands with potentially disastrous effects must prompt for confirmation before proceeding"
Quote: erase and copy commands require confirmation with the affected region displayed; also undo [»goodM6_1981]
Quote: a guarded button, e.g., Destroy, must be double clicked; marked with a cross-out [»teitW3_1985]
QuoteRef: cbb_1973 ;;2/3/79 IBM human factors lab: all destructive operations such as delete-line require use of the control key as confirmation
Subtopic: ignore confirmations
Quote: Mux does not use confirmations for deletions; since confirmations are ignored in practice [»pikeR3_1988]
Quote: Star doesn't need an accept function since invoking the command is the last step [»smitDC_1982]
Subtopic: aliasing
Quote: C++ lacks a 'no-alias' property because it can't be guaranteed, it may lead to accidental errors, and it is targeted to vectorizing computers [»stroB_1994]
Subtopic: syntax
Quote: avoid unnecessary notation; common source of errors; e.g., statement separators, parentheses [»paneJF9_2002]
Subtopic: numbers
Quote: print 20-digit cryptographic token in two lines of four-digit groups; significantly reduced error rate [»andeRJ5_1996]
Quote: survey on the use of check digits for error detection in identification numbers [»gallJA9_1996]
Subtopic: error correction
Quote: COUSIN interacts with users to correct errors in a command; it automatically corrects some errors and fills in defaults
Subtopic: scoping
Quote: Java does not allow a local name to override a global name; an earlier version with name hiding caused accidental errors [»goslJ6_1997]
Subtopic: data type
Quote: strong typing simplifies syntactic analysis and identifies many programming errors
Quote: C++ types and data-hiding efficiently prevent accidental corruption of data. They do not provide secrecy and security [»stroB_1991]
Related Topics
Group: type checking (12 topics, 392 quotes)
Group: user interface (75 topics, 1639 quotes)
Topic: bugs (66 items)
Topic: debugging by usage rules (41 items)
Topic: deletion of information (11 items)
Topic: defensive programming (22 items)
Topic: ease of use (47 items)
Topic: error safe systems (76 items)
Topic: flavor analysis and typestates for supplementary type checking (68 items)
Topic: one-way hash function (24 items)
Topic: prompted input (5 items)
Topic: resourceful, redundant systems for reliability (38 items)
Topic: safe use of pointers (102 items)
Topic: safety critical systems (32 items)
Topic: self-identifying data structures (18 items)
Topic: type-safe and secure languages (43 items)
Topic: undoing actions in a UserInterface (23 items)
Topic: usability errors (6 items)