How Good is Good Enough?Slide 2Sample CaseMore DetailsRawlsian ApproachSlide 6Software Process Principal ActorsPrinciplesAnalysisSoftware is not a typical productGuidelinesGuidelines Cont.Software Flaws Cost the Country a BundleQuote of the Week7/1/02 CSC309 Miller 1How Good is Good Enough?Collins, Robert, Keith Miller, Bethany J. Spielman, and Phillip Wherry. Communications of the ACM January 1994, vol. 37, no 1.4/9/01 CSC309 Miller 2How Good is Good Enough?Significant software when first released will contain errors.Software that matches specifications perfectly can contain errors if specifications are not perfect.Software that matches specifications perfectly and has perfect specifications can be used erroneously by users.So what we are really talking about is when to release software and how to protect against the inevitable errors.4/7/01 CSC309 Miller 3Sample CaseAt Mercy Hospital, Rachel, the vice president in chargeof records and automation, and George, the chief pharmacist, agree that computerization has the potential for increasing the efficiency of the pharmacy.Rachel and George then seem to do everything right.They produce a specifications document which they get approved. They hire consultants to design and implement the system and provide them with specifi-cations for testing procedures. They hire Helen as the consultant to install the system and train the doctors,nurses, and pharmacists who will use the system.Problems that arise include two near mishaps, com-plaints concerning too much typing, and disagreement from doctors with computer generated advice.4/7/01 CSC309 Miller 4More DetailsThe old system had problems and it was in part withthe thought that the new system would be safer, that the new system was developed and installed.The system did not identify the source of changes to the data base so that when problems arose it was not clear if they were system or operator errors.Part of the new system was built on a large warehouse inventory program that had been in use for almost five years.The amount of typing involved sort of grew and caught everyone by surprise.Ann Frederick, a nurse and vocal critic, caught both problems.3/9/09 CSC309 Miller 5Rawlsian ApproachWe observe that participants of society interact with one another in cooperation and conflict. "They cooperate since they can achieve a better life together than they could alone, they contend since they are personally affected by how the benefits of their cooperation are distributed."9/27/08 CSC309 Miller 6Rawlsian ApproachRawls proposes that the social contract be created in a negotiation session conducted by members of society in which the participants do not know how any alternatives will affect their own positions. They must evaluate scenarios in which they could become the most or least favored party.4/7/01 CSC309 Miller 7Software Process Principal Actors1. Software provider2. Software buyer3. Software user4. Penumbra (Anyone else who could be affected by the software).4/7/01 CSC309 Miller 8PrinciplesIf we apply a Rawlsian negotiation scheme to our software problem, we would probably arrive at the following principles.1. Least Advantaged. Don't increase harm to the least advantaged.2. Risking Harm. Don't risk increasing harm in already risky situations.3. Publicity Test. Use publicity test for difficult cost benefit trade-offs. [Make only those decisions you can defend with honor before an informed public.]4/7/01 CSC309 Miller 9Analysis1. Identify the players.2. Review the three Rawlsian principles. For the least advantaged sometimes you can use thefocus of criticism/concern as representative. Most of the time you simply select someone to be advocate. Risking harm Publicity test. Can everybody make the case that the software is safe?3. Analyze responsibilities of the players and identify actions each player could take to advance the threeRawlsian principles.4/7/01 CSC309 Miller 10Software is not a typical product1. Software errors can remain after extensive testing.2. It is difficult/impossible to construct uniform software standards which could be subject to regulation and inspection.3. Software affects an increasingly large number of people.4. Anybody can produce software.5. Software threats tend to be dispersed.Because the dangers of software cannot be controlled well, there are additional ethical responsibilities to minimize risk.4/7/01 CSC309 Miller 11GuidelinesFrom "How Good is Good Enough"1. Providers have an ethical responsibility to do athorough, careful job when writing their bids or contracts.2. Do not increase harm to the people most vulnerableor increase risk in an already risky situation.3. Software developers and buyers have a responsibility to be open and honest about capabilities, safety, and limitations of the software in communication with customers, employees, others who are affected by it,and the public, where appropriate.4/7/01 CSC309 Miller 12Guidelines Cont.From "How Good is Good Enough"4. Developers and buyers have an obligation to properly train users. Buyers and users have a responsibility to understand the limitations of the software and its proper operation.5. Developers and buyers should include users in the planning and testing stages to improve safe functioning of the system.9/25/08 CSC309 Miller 13Software Flaws Cost the Countrya Bundle--25 & 27 June 2002 National Institute of Standards and Technology(NIST) Study"buggy software" costs the US $59.9 billion annually,with the lion's share of the burden falling on consumers. Better testing could reduce the cost by as much as 1/3, or $22 billion. (Interesting math)7/8/02 CSC309 Miller 14Quote of the Week (from CIO Magazine, July 1, 2002)Kevin Turner,CIO of Walmart, says,"I'd really like to see our technology vendors step up and help us with these [security] vulnerabilities because the money that we are pouring into security right now is being pulled away from development and strategic things that we could be investing in. A lot of the vulnerabilities that we deal with are preventable and could be avoided if the technology vendors would do the due diligence to tighten up[the security configuration of] their