Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Microsoft's Answer to Buggy Code: Monitor the Coder

A Microsoft researcher has proposed a new solution to the problem of buggy code: monitor the coders themselves to detect when they are struggling at work and may introduce flaws
A Microsoft researcher has proposed a new solution to the problem of buggy code: monitor the coders themselves to detect when they are struggling at work and may introduce flaws

A Microsoft researcher has proposed a novel solution to the problem of buggy code: monitor the coders themselves to detect when they are struggling at work and may introduce flaws.

Andrew Begel discussed his work at the 15th annual Microsoft Research Faculty Summit on Tuesday. His paper, 'Using Psycho-Physiological Measures to Assess Task Difficulty in Software Development', was co-authored with Zurich university boffins Thomas Fritz, Sebastian C. Müller, and Manuela Züger, alongside Serap Yigit-Elliott of consulting firm Exponent.
 
It raises the possibility of using eye-tracking technology, electrodermal-activity [EDA] sensors, and electroencephalogram [EEG] sensors to monitor programmers as they’re working. The EEG measures brain activity while EDA sensors can pick up anxiety by measuring changes in the skin’s ability to conduct electricity.
 
“My idea is that if the software developers are writing the code and causing the bugs, we should measure attributes of the developers themselves,” Begel said in a prepared statement. “If we can figure out what cognitive or emotional issues lead to buggy code or lowered productivity, we can try to intervene and stop them from causing developers to make mistakes in the first place.”
 
In a study of 15 professional developers, Begel and his team could apparently predict a difficult task with 65% precision – a figure which rose to 85% for new tasks.
 
However, Begel admitted that he had yet to intervene in a programmer’s work and therefore doesn’t know what the reaction might be.
 
“One [intervention] I’ve thought about can help absent-minded developers, such as those who just came back from lunch and aren’t paying much attention to their code,” he explained. “If we reduce the contrast on the display and make the fonts harder to read, the developer will be forced to apply more brainpower to read and understand the code and will be less likely to slip up as a result.”
 
Experts were wary about the potential effects of using such a system.
 
Imperva CTO Amichai Shulman told Infosecurity that monitoring programmers while they code would be considered overly intrusive by many.
 
“If we introduce a system that constantly holds back on programmers because they are stressed for some reason we will effectively introduce unbearable delays into the project which will of course put more pressure on those who perform the job when schedule becomes tight,” he added. “This is of course ignoring the fact that to some extent we want our programmers to be ’over’ challenged by the problems they have to solve in code in order to keep them ‘sharp’ and happy with their job.”
 
He said that such a system may not be able to tell the difference between a critical and a minor mistake, which could lead to more unnecessary delays.
 
Many security flaws, in any case, are introduced inadvertently by coders – a fact that would likely not be picked up by such a system, Shulman concluded.

What’s Hot on Infosecurity Magazine?