Approaching Zero Bugs?(daniel.haxx.se)
daniel.haxx.se
Approaching Zero Bugs?
https://daniel.haxx.se/blog/2026/04/30/approaching-zero-bugs/
3 comments
There's another problem
Who guarantees that those AI fixes don't introduce new bugs?
Who guarantees that those AI fixes don't introduce new bugs?
It's strange that he shows the graphs with the age of vulnerabilities going up without any real commentary on it (except to say that it's an argument that the number of bugs is not close to zero). I'm not so sure—I think a deeper analysis needs to be done that accounts for the fact that the project itself is aging and also accounts for code churn.
For example, if bugs were introduced and detected via a mostly uniformly random process, but most of the code was written in the early part of the project's lifecycle, then you would expect the age of bugs to go up over time (since there is less young code). Even if the code addition rate was constant, if developers were producing fewer bugs over time, then the age of the bugs would increase, since older code would be buggier.
For example, if bugs were introduced and detected via a mostly uniformly random process, but most of the code was written in the early part of the project's lifecycle, then you would expect the age of bugs to go up over time (since there is less young code). Even if the code addition rate was constant, if developers were producing fewer bugs over time, then the age of the bugs would increase, since older code would be buggier.
Why would we assume this? Historically it's obviously inaccurate since the world began with 0 software bugs.