CS 2800 Fall 2017 Homework 1 We'd like to get you thinking about the degree to which modern society is dependent upon, and vulnerable to, software. Please choose three software application classes where you believe correctness / reliability / security is most critical. That is, not just three classes where it is important, but the three classes where (you believe) it is the *most* important....or at least that you obsess about the most. A class of software could be based on application (aerospace, political, governmental, financial services, medical....) or CS sub-domain (machine learning, human-computer interaction, quantum computing....). The definition of a class has intentionally been left vague to not constrain your thought process. Just make sure your classes do not overlap (such as machine learning and high frequency trading). For each software class: 1) Justify your selection. Explain why this class of software is so important. 2) Why is correctness / reliability / security of such importance here? What happens if bugs occur, if the software can be exploited by an attacker, if the application crashes -- or just silently produces a wrong answer? 3) Provide incidents when this class of application has failed and why OR clearly identify REALISTIC scenarios where a problem could arise and how likely you estimate this might occur in the future. Some examples of incidents like the Therac-25 are listed below but do not use these. If you are describing a possible problem you should be very specific. Statements like "if all US Military drones were hacked then US civilians could die" are unacceptable. We have no idea HOW drones would all be hacked at once and there is no obvious vulnerability identified. 4) Give your personal estimate of how correct this class of applications is in current practice. 5) For each class of software, I would expect to see an absolute minimum of 2 cited articles either describing a system or industry, reporting an incident, or describing a possible exploit. For more information about citations, see below. Citations do not require quotes; just an acknowledgment of where you got your information. If you are using another person's words, however, you definitely need quotes. Acknowledgments should also be in the sentence; not just a list of references at the end (Fay Creference & Sill E. Example, 2010). If something you say is your option, then state it as such. Statements like "University administration is widely considered the most safety critical domain in the world" either need a reference or the statement needs to change to reflect it's YOUR opinion. ==================================================== Some incidents you might find inspiring: the Ariane 5 crash, the loss of the Mars Climate orbiter, the Intel FDIV bug, the NIST study on the cost of software bugs, the Patriot missile failure, the Therac-25 incident, or the Knight Capital hedge fund trading-software error. There are LOTS more examples and they don't necessarily need to involve death or millions of dollars lost. The class of software just needs to have already failed (or have a strong probability of failing spectacularly soon) and a high cost associated with failures. In case you want to give up to date examples, there are certainly incidents from the past year. Finally, conclude by telling us what lessons you've learned from this exercise (if any). A short paragraph or two here will be fine. Technicalities: =============== The length of the essay should be 1-3 pages of single spaced ASCII text .....that's a plain text file for almost everyone. If your operating system's language is not English, then double check. Opening the document in WordPad or a similar text editor will tell you the number of pages. You may browse around on the net, or use wikipedia and google, to read up on various incidents, if this is of any utility for you. You may also discuss and argue these issues with your classmates and friends -- but only in person and only in spoken form. You may not read a classmate's written work, or exchange email, or use other written forms of interaction. You must write your answers alone. There are lots of critical software classes and lots of failures so I expect submissions to be very different. Submission instructions for the class are posted on the class website. Remember to submit a signed class contract file (see below). We discussed academic integrity in class, but here is a snapshot. Throughout your careers you will be required to read, analyze, and process information, and to present your results. It is absolutely crucial that you learn how to do this convincingly, and according to the highest standards of integrity. Any sources you use must be cited. You can use any reasonable method of providing citations; see for example http://en.wikipedia.org/wiki/Citation Make sure that you read and fully understand the Northeastern Academic Integrity policy, which you can find at http://www.northeastern.edu/osccr/academicintegrity/index.html Furthermore you need to print, sign and scan the class contract (on the assignments page) as part of your homework submission (it's listed as another homework on BlackBoard). If you don't have access to a scanner, a clear photo of the signed document or an electronic signature using a stylus will suffice.