From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,9e3222ec528646b1 X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2003-04-29 13:55:46 PST Path: archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!hammer.uoregon.edu!skates!not-for-mail From: Stephen Leake Newsgroups: comp.lang.ada Subject: Re: Enforcing good software process Date: 29 Apr 2003 16:54:10 -0400 Organization: NASA Goddard Space Flight Center (skates.gsfc.nasa.gov) Message-ID: References: NNTP-Posting-Host: anarres.gsfc.nasa.gov Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: skates.gsfc.nasa.gov 1051650557 7052 128.183.235.92 (29 Apr 2003 21:09:17 GMT) X-Complaints-To: usenet@news.gsfc.nasa.gov NNTP-Posting-Date: 29 Apr 2003 21:09:17 GMT User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2 Xref: archiver1.google.com comp.lang.ada:36747 Date: 2003-04-29T21:09:17+00:00 List-Id: kcline17@hotmail.com (Kevin Cline) writes: > Stephen Leake wrote in message news:... > > I think the best way to achieve higher quality software is to allow > > people to sue manufacturers for negligence when they don't follow > > accepted software production processes. Just as a surgeon can be sued > > when he screws up, but can't when he follows the rules (even if the > > patient dies), we need good "rules" for writing software that can be > > enforced by lawsuits. > > Manufacturers can be sued for negligence when a software-controlled > product with an explicit or implied guarantee of safety malfunctions. > But you can't sue Microsoft because you connected some safety-critical > device to a controller installed on a PC running Windows, and Windows > subsequently crashed. If you want someone to write and guarantee > software for safety-critical applications, they will do it, but they > will want a lot of money. Personally, I'm happy to be able to be able > to license highly functional operating systems for under $100, or even > for free. Yes, but I'd like a choice somewhere in between. Something along the lines of an ACT support contract :). > > The Capability Maturity Model is a start on a process for defining > > such rules. > > No process can guarantee software correctness, except perhaps actually > proving that the software is correct. Even then the proof may be > incorrect. I never said anything about "guarranteed correct". I was talking about reliability, and about liability. Ford and GM are liable when their cars break; it would be nice if there were more software companies that took the same attitude. > > I'd much prefer CMM level 3 or above, independent of language. > > > > ISO 9000 would also be a comfort, but less so (I've seen really bad > > code from ISO 9000 certified shops). > > And I predict you'll also see really bad code from CMM level 3 shops. Possibly. But I haven't yet. > Certification has never been a guarantee of competence in any field. Not an absolute guarrantee, that's true. But it is often well worth it. Doctors and social workers have good certification programs; I certainly would never allow an uncertified surgeon to operate on me. I assume civil engineers do as well; that's why we don't kill many people with bridges. Yes, there are always some people that fall thru the cracks, but on the whole, certification can improve quality. -- -- Stephe