Re: [SystemSafety] OpenSSL Bug

From: Tom Ferrell
Date: Thu, 10 Apr 2014 17:24:17 -0400

I was onboard with the last post right up until the very last sentence:

"In fact, a consultant friend of mine recommends we don't even call them 'defects'. He says, 'Call them what they really are: programmer malpractice'."

For a great deal of software where all that matters is time to market, such a view might have some traction. However, I would argue that seldom is a single programmer to blame, but rather a management structure that cares only about schedule and cost, and a broader industry that rewards time to market with massive ROI. In many cases, this ROI would trump all but the biggest legal settlements. I do agree that initiatives like the SWEBOK help, as do certification programs for software professionals in general. These do not, however, get to the heart of the cultural problems and what seems to be an ever-increasing erosion of basic engineering ethics. Overall, this community needs to do a better job of communicating the societal impact of poor practices throughout the software engineering discipline.

On a different, but related, note: the aerospace community has a long history of allowing people to come forward with problems so that they can be solved. This framework depends heavily on a system of anonymity and non-retribution. Creating a forum for software professionals to report on breakdowns in software engineering processes would be difficult, but would seem to be worth pursuing.