Introduction

Abstract

The amount and complexity of software developed and used has grown tremendously during the past years. The number of processors on which that software is supposed to run has by far outnumbered human beings [Storey, 1996]. Most of these processors are in fact not “classical” computers like mainframes, workstations, or PCs. Rather they are components of embedded systems which control applications and machinery from car brakes and washing machines to central components of nuclear plants¹. The software which is running on the processors has reached many billions of lines of code. Therefore, the development and maintenance of software poses rising demands on software engineering technology. Software and hardware are expected to work error-free, safe, and reliable. Whereas the crash of a word processor or your favorite game may be a nuisance, a malfunction in software controlling a nuclear plant can possibly cost thousands of human lives and can endanger millions more. Many applications exist where a high reliability must be ensured, because failures are costly (with respect to human lives, environmental issues, or money). Such applications can be found in nearly all areas, e.g., aviation, (nuclear) power plants, medicine, transportation, space technologies, process control, or banking. Reliability must not only be guaranteed with respect to possible bugs and errors in the software. The safety of a computer system against malevolent attacks (from intruders like hackers or criminal persons) is also of growing importance. Particularly endangered are the extremely fast growing areas of electronic commerce, (tele-) banking, or remote access to computer systems (e.g., remote login). A good collection of hazardous incidents with computer systems is presented in P. Neumann’s book [Neumann, 1995] where also an assessment of computer related risks is given.