comp.lang.ada
From: Stephen Leake <Stephe.Leake@nasa.gov>
Subject: Re: Enforcing good software process
Date: 29 Apr 2003 16:54:10 -0400
Date: 2003-04-29T21:09:17+00:00
Message-ID: <uwuhdvxcd.fsf@nasa.gov>
In-Reply-To: ba162549.0304291212.27900479@posting.google.com

kcline17@hotmail.com (Kevin Cline) writes:

> Stephen Leake <Stephe.Leake@nasa.gov> wrote in message news:<uu1cmfw37.fsf_-_@nasa.gov>...
> > I think the best way to achieve higher quality software is to allow
> > people to sue manufacturers for negligence when they don't follow
> > accepted software production processes. Just as a surgeon can be sued
> > when he screws up, but can't when he follows the rules (even if the
> > patient dies), we need good "rules" for writing software that can be
> > enforced by lawsuits.
> 
> Manufacturers can be sued for negligence when a software-controlled
> product with an explicit or implied guarantee of safety malfunctions. 
> But you can't sue Microsoft because you connected some safety-critical
> device to a controller installed on a PC running Windows, and Windows
> subsequently crashed.  If you want someone to write and guarantee
> software for safety-critical applications, they will do it, but they
> will want a lot of money.  Personally, I'm happy to be able
> to license highly functional operating systems for under $100, or even
> for free.

Yes, but I'd like a choice somewhere in between. Something along the
lines of an ACT support contract :).

> > The Capability Maturity Model is a start on a process for defining
> > such rules.
> 
> No process can guarantee software correctness, except perhaps actually
> proving that the software is correct.  Even then the proof may be
> incorrect.

I never said anything about "guaranteed correct". I was talking about
reliability, and about liability. Ford and GM are liable when their
cars break; it would be nice if there were more software companies
that took the same attitude.

> > I'd much prefer CMM level 3 or above, independent of language.
> > 
> > ISO 9000 would also be a comfort, but less so (I've seen really bad
> > code from ISO 9000 certified shops).
> 
> And I predict you'll also see really bad code from CMM level 3 shops.

Possibly. But I haven't yet.

> Certification has never been a guarantee of competence in any field.

Not an absolute guarantee, that's true. But it is often well worth
it. Doctors and social workers have good certification programs; I
certainly would never allow an uncertified surgeon to operate on me. I
assume civil engineers do as well; that's why we don't kill many
people with bridges. Yes, there are always some people that fall thru
the cracks, but on the whole, certification can improve quality.

-- 
-- Stephe




Thread overview: 7+ messages
2003-04-25 15:14 Enforcing good software process Stephen Leake
2003-04-25 20:15 ` John R. Strohm
2003-04-28 15:55   ` Stephen Leake
2003-04-29 20:12 ` Kevin Cline
2003-04-29 20:54   ` Stephen Leake [this message]
2003-04-30 17:01     ` Rod Chapman
2003-05-11 23:02       ` Robert I. Eachus