[SystemSafety] OpenSSL Bug

Les Chambers les at chambers.com.au
Mon Apr 14 04:07:24 CEST 2014


Tom
RE your comment: "Creating a forum for software professionals to
report on breakdowns in software engineering processes would be
difficult but would seem to be worth pursuing."

Such a forum exists here:
http://www.chambers.com.au/forum/post_summary.php?frm=1

As you will see, plenty of people want to view, but few are motivated to
contribute.
Is this due to lack of English expression skills or just plain apathy |
disinterest | brain calcification? It's hard to tell.
It's always struck me as sad that the active participation you find in
fantastic sites such as http://stackoverflow.com/ is not replicated in
software and systems engineering forums. I guess it's mainly due to the
reality that Stack Overflow solves immediate problems: my program doesn't
work, I can't understand that error message and so on. SE problems are more
abstract and have longer-term solutions and involve people above the pay
grade of your average developer. This list is one notable exception.
What can I say? .... maintain the rage.
Les


-----Original Message-----
From: systemsafety-bounces at lists.techfak.uni-bielefeld.de
[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of
Tom Ferrell
Sent: Friday, April 11, 2014 7:24 AM
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] OpenSSL Bug

I was onboard with the last post right up until the very last sentence:

" In fact, a consultant friend of mine recommends we don't even call
them "defects". He says, "Call them what they really are: programmer
malpractice".

For a great deal of software where all that matters is time to market,
such a view might have some traction.  However, I would argue that
seldom is a single programmer to blame, but rather a management
structure that cares only about schedule and cost, and a broader industry
that rewards time to market with massive ROI.  In many cases, this ROI
would trump all but the biggest legal settlements.  I do agree that
initiatives like the SWEBOK help, as do certification programs for
software professionals in general.  These do not, however, get to the
heart of the cultural problems and what seems to be an ever-increasing
erosion of basic engineering ethics.  Overall this community needs to do
a better job of communicating the societal impact of poor practices
throughout the software engineering discipline.

On a different, but related note: the aerospace community has a long
history of allowing people to come forward with problems so that they
can be solved.  This framework depends heavily on a system of anonymity
and non-retribution.  Creating a forum for software professionals to
report on breakdowns in software engineering processes would be
difficult but would seem to be worth pursuing.