On Nov 7, 2015, at 3:39 PM, Moose Finklestein <[email protected]> wrote:
> The article goes on to pull out data breaches and other failures, > insisting that things like this would never happen in physical > engineering. Wishful thinking. How many bridges failed due to poor > design? How many buildings have collapsed? I agree that the arguments weren’t great, but if I may play devil’s advocate for a moment… What happened in the case when those buildings collapsed or those bridges failed? Or, to use your later examples, when laptops had a memory board failure or caught on fire? In those cases, someone was likely held responsible. If something broke due to an unforeseen materials problem or a never-before-encountered wind shear, then there was a probably a nice journal article written about it. However, if the engineer in charge cut corners and should have known better, there was likely some liability attached. If your laptops are defective, you get new ones (or free repairs). If you don’t, there’s usually a class-action lawsuit. Professional engineers need to sign off on the components they use or recommend for a design. If they recommend the wrong ones and something goes south, they’re in big trouble. Compare this to software flaws in most applications (I’m excluding the space shuttle and other exceptional programs here). If something breaks, there’s usually “no warranty”. What if all my work gets destroyed by a software bug (it’s certainly happened to me, with some expensive software)? Is there a class-action lawsuit? There are critical software bugs fixed every day all year long, but it’s just accepted that it’s part of the deal. If you (as a customer) called up someone like Microsoft and yelled at them about some work you’d lost due to Word crashing, you’d get some sympathy and not much else. How do you know that the software you’re buying has had some reasonable standard of care put into its development? Without access to the source, you only have a particular company’s reputation to go on. Note that I don’t necessarily believe we should license everyone who writes software for a living. I particularly feel that open-source software should be able to disclaim some liability (no warranty for any purpose, etc, etc) since liability could really hurt people wanting to release stuff. But if there were at least an option to certify that software follows some best practices, that would be helpful. Of course, that requires some kind of magical, all-encompassing, difficult-to-fake, non-burdensome yet worthwhile certification process that doesn’t just become a bureaucratic box to check on a project. I suppose companies could just start offering some kind of performance warranty on their work voluntarily and hope people are willing to pay a little extra for the assurance. However, since most people seem to accept software bugs as par for the course, I’m not sure who would go out of their way to do that. Jason _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
