CS 2800 Spring 2017 Homework 1 We'd like to get you thinking about the degree to which modern society is dependent upon, and vulnerable to, software. Please choose two software application classes where you believe correctness / reliability / security is most critical. That is, not just two classes where it is important, but the two classes where (you believe) it is the *most* important....or at least that you obsess about the most. A class of software could be based on application (aerospace, political, governmental, financial services, medical....) or CS sub-domain (machine learning, human-computer interaction, quantum computing....). The definition of a class has intentionally been left vague to not constrain your thought process. Just make sure your classes do not overlap (such as machine learning and high frequency trading). For each software class: 1) Justify your selection. Explain why this class of software is so important. 2) Why is correctness / reliability / security of such importance here? What happens if bugs occur, if the software can be exploited by an attacker, if the application crashes -- or just silently produces a wrong answer? 3) Provide incidents when this class of application has failed and why. Some examples like the Therac-25 are listed below but do not use these. 4) Give your personal estimate of how correct this class of applications is in current practice. 5) Propose some scenarios that have not occurred where problems could arise and how likely you estimate this might occur in the future. For example, if you thought university administration was critical (it isn't), you could identify potential exploits allowing people access to your blackboard account or issues with myNEU that may lead you to sign up for the wrong class or miss a registration deadline. 6) For each class of software, I would expect to see an absolute minimum of 4 cited articles either describing a system or industry, reporting an incident, or describing a possible exploit. For more information about citations, see below. Citations do not require quotes; just an acknowledgment of where you got your information. If it's option, then state it as such. Statements like "University administration is widely considered the most safety critical domain in the world" either need a reference or the statement needs to change to reflect it's your opinion. ==================================================== Some incidents you might find inspiring: the Ariane 5 crash, the loss of the Mars Climate orbiter, the Intel FDIV bug, the NIST study on the cost of software bugs, the Patriot missile failure, the Therac-25 incident, or the Knight Capital hedge fund trading-software error. There are LOTS more examples and they don't necessarily need to involve death or millions of dollars lost. The class of software just needs to have already failed and a high cost associated with future failures. In case you want to give up to date examples, there are certainly incidents from the past year. Finally, conclude by telling us what lessons you've learned from this exercise (if any). A short paragraph or two here will be fine. Technicalities: =============== The length of the essay should be 1-3 pages of single spaced ASCII text .....that's a plain text file for almost everyone. If your operating system's language is not English, then double check. Opening the document in WordPad or a similar text editor will tell you the number of pages. You may browse around on the net, or use wikipedia and google, to read up on various incidents, if this is of any utility for you. You may also discuss and argue these issues with your classmates and friends -- but only in person and only in spoken form. You may not read a classmate's written work, or exchange email, or use other written forms of interaction. You must write your answers alone. There are lots of critical software classes and lots of failures so I expect submissions to be very different. Submission instructions for the class are posted on the class website. Remember to submit a signed class contract file (see below). We discussed academic integrity in class, but here is a snapshot. Throughout your careers you will be required to read, analyze, and process information, and to present your results. It is absolutely crucial that you learn how to do this convincingly, and according to the highest standards of integrity. Any sources you use must be cited. You can use any reasonable method of providing citations; see for example http://en.wikipedia.org/wiki/Citation Make sure that you read and fully understand the Northeastern Academic Integrity policy, which you can find at http://www.northeastern.edu/osccr/academicintegrity/index.html Furthermore you need to print, sign and scan the class contract (on the assignments page) as part of your homework submission. If you don't have access to a scanner, a clear photo of the signed document or an electronic signature using a stylus will suffice.