Geoff Chappell - Software Analyst
You are at the home page of a website that has grown out of an academic interest in studying what software actually does, which is much too often not exactly what the manufacturer says the software does.
As our society relies ever more on computer software sold as a consumer product, I cannot be the only one who is troubled that we have hardly any means of inspecting the product independently of its manufacturer. Of course, a bug in Windows is not a matter of life and death, nor even is the possibility that any software manufacturer might mislead its customers (or our courts), having calculated that there is no realistic chance of being exposed. Yet there is no other consumer product for which our society has accepted anything like so much reliance on the manufacturer to be open and truthful about the product’s behaviour and especially about defects. As we look to a future of new technology, in genetics, where we did not invent the machinery that we will nonetheless try to program, we surely ought not let it become our custom to trust so much.
For the programming of software on electronic technology, the best that our society seems to have managed is some notion of manufacturers disclosing their source code, whether voluntarily as so-called open source, else under court order. To me, this is analogous to requiring that manufacturers of food disclose their recipes or at least list their ingredients. It’s fine enough as far as it goes—and I am one who always reads these details on packaged food—but it’s no substitute for independent chemical analysis. Our food supply surely has more integrity, and those labels more credibility, because the manufacturers of food know that their wares can be analysed independently, even if such analysis is hardly ever done. We ought to have something like that for software, but we are nowhere near it. Indeed, we are so far from having it that few have ever thought to expect it and most of them gave up long ago on ever seeing it.
This site exists as some record of what I see as my contribution to this goal of developing practicable techniques for studying software without having the source code, without assistance from the manufacturer beyond the generally published documentation, and even without running the software. It’s a research effort that could do with some support, more awareness, and many more hands (well, minds).
Please always bear in mind that everything you see at this site is meant to demonstrate research in Software Analysis. This is not one of those websites that collates suppositions from who knows where on the Internet. Though I may slip up now and then, my intention is that everything at this site is original research into primary sources, unless another source is noted, or is the application of that research in order to comment on a secondary source. Let it be stressed: the only primary source in a study of software is the software—not the product documentation, nor even the source code, just the software.
There are well over 1,500 pages at this site and they are all written with the expectation that you navigate by using the expandable table of contents to the left of this page. If you see no such thing, then please check the Browser Advice. For an overall description of how these many pages are organised and of what (little) I expect of you for reading them, see About This Site. To criticise me, thank me or submit a wish list, please read the page about Feedback. To ask for help with a technical problem, even one that I address at this site, please consult me formally.
This website is funded from consultation services. If you appreciate the research behind the site and the free publication of what I find time to write up, then please recommend my consultation services as widely as possible. If you would like to see the research and writing up become established as full-time work for public benefit, then please consider ways that you might support this site.