In other engineering industries, ignoring the heedings of engineers results in charges of criminal negligence and corporate executives spending time in prison. Eventually that will be the case for software engineering as well. But Equifax probably won't tip the scale. My money is on the first company that walks away unscathed after a self-driving car plows through a preschool or something like that.
We already had Toyota following the same abyssmally unsafe (but dirt cheap!) practices that most of the industry does, ignoring 90 of 94 'required or suggested' practices for firmware development the automobile industry recommends, their developers not even having a bug tracker, not using ECC memory while lying and claiming they were, etc resulting in multiple deaths - and an acquittal for criminal negligence. The court pointed out there are no standards that the court could claim they violated. And they're correct. This issue has been debated in the Communications of the ACM for several years now, whether software engineering needs some sort of certification process or regulatory body which can make substantive judgements. Companies don't want it because they're aware of what a laughably cheap resource software engineers are and don't want that price to go up. Software engineers don't want it because any regulatory body is destined to make stupid decisions. But how long will the general public tolerate being ground under the wheels (literally) of bad software before demanding something be done? And just how much worse will those standards be when drafted by committees of lobbyists and bureaucrats?
> Eventually that will be the case for software engineering as well ... My money is on the first company that walks away unscathed after a self-driving car plows through a preschool or something like that.
I agree with you that "eventually that will be the case".
I don't think it will happen until some people in government -- politicians who can actually make/change the laws -- are personally impacted or affected in some really major way, though. Until that point, their lobbying friends will persuade them that everything is fine.
It's just like trying to warn management about "bad shit" that could happen. Nothing will change until it actually does happen -- and then you will see a swift, overwhelming response.
I think this is to be expected from organizations that don't have software as a core activity. You don't attract the best people, don't motivate the people you have, and don't promote them. It has happened again and again: Target, Equifax, Toyota, Therac-25, etc... The seemingly most effective means of mitigating it appears to be to throw money at people (ex: Wall Street and to a lesser extent biotech) or to be in a really hot field (which basically allows you to throw money at the problem).
There are two other ways to solve the problem. Wait for a more software oriented company to eat the existing company's lunch and software as a service. The SAS approach seems to work best for large markets.
5 comments
[ 19.1 ms ] story [ 2429 ms ] threadWe already had Toyota following the same abyssmally unsafe (but dirt cheap!) practices that most of the industry does, ignoring 90 of 94 'required or suggested' practices for firmware development the automobile industry recommends, their developers not even having a bug tracker, not using ECC memory while lying and claiming they were, etc resulting in multiple deaths - and an acquittal for criminal negligence. The court pointed out there are no standards that the court could claim they violated. And they're correct. This issue has been debated in the Communications of the ACM for several years now, whether software engineering needs some sort of certification process or regulatory body which can make substantive judgements. Companies don't want it because they're aware of what a laughably cheap resource software engineers are and don't want that price to go up. Software engineers don't want it because any regulatory body is destined to make stupid decisions. But how long will the general public tolerate being ground under the wheels (literally) of bad software before demanding something be done? And just how much worse will those standards be when drafted by committees of lobbyists and bureaucrats?
Good article about the Toyota fiasco: https://www.edn.com/design/automotive/4423428/Toyota-s-kille...
I agree with you that "eventually that will be the case".
I don't think it will happen until some people in government -- politicians who can actually make/change the laws -- are personally impacted or affected in some really major way, though. Until that point, their lobbying friends will persuade them that everything is fine.
It's just like trying to warn management about "bad shit" that could happen. Nothing will change until it actually does happen -- and then you will see a swift, overwhelming response.
If you were a malicious person, imagine the possibilities.