[TUHS] Death by bug
Theodore Y. Ts'o
tytso at mit.edu
Mon Jul 12 11:42:58 AEST 2021
On Sun, Jul 11, 2021 at 03:04:53AM -0600, arnold at skeeve.com wrote:
> Ralph Corderoy <ralph at inputplus.co.uk> wrote:
>
> > Given some devices are present in large numbers for many years in
> > hospitals, and there's a lot of hospitals, an unnoticed bug could be
> > steadily chipping away at its human overlords.
>
> This is why I have purposely stayed away from jobs at companies doing
> stuff like this. I know I don't write perfect code; I don't want to
> be responsible for devices that can affect human life. This is also
> discussed in the new edition of "The Pragmatic Programmer", which I've
> just finished reading. (Highly recommended.)
We should never be depending on a human being able to write "perfect
code". Instead, we need to come up with processes so that imperfect
code doesn't escape into production *despite* the fact that humans are
fallible. Such processes might include requiring unit tests,
integration tests, stress tests, etc., requiring code reviews by a
second pair of eyes, perhaps using formal proofs, having multiple
implementations of critical algorithms, cross-checking the results
from those independent implementations, and so on.
The space shuttle used a number of these techniques. It did *not*
depend on super-human, Über-programmers.
- Ted
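The two techniques Ted names at the end of his list, independent implementations of a critical algorithm plus a cross-check of their results, are illustrated below. This is an added example and not code from the post or from the shuttle software it mentions; the function (integer square root) and all names are hypothetical, chosen only because two genuinely different algorithms for it exist and a third, plausible-looking float-based one is subtly wrong for large inputs.

```python
"""Cross-checked computation (hypothetical illustration, not from the post).

Two independently written integer square-root implementations are wrapped by a
comparator that fails closed: if the implementations disagree, the wrapper
raises instead of returning a possibly wrong value.  A third implementation
built on floating point is included to show the cross-check catching a real
class of bug that unit tests on small inputs would miss.
"""
import math


class CrossCheckError(RuntimeError):
    """Raised when independent implementations of the same function disagree."""


def isqrt_newton(n: int) -> int:
    """Implementation A: integer Newton iteration.  Exact for any size of n."""
    if n < 0:
        raise ValueError("negative input")
    if n == 0:
        return 0
    x = n
    y = (x + 1) // 2
    while y < x:               # iterate until the estimate stops decreasing
        x = y
        y = (x + n // x) // 2
    return x


def isqrt_bitwise(n: int) -> int:
    """Implementation B: digit-by-digit (binary) method, written independently of A."""
    if n < 0:
        raise ValueError("negative input")
    bit = 1
    while bit * 4 <= n:        # largest power of four not exceeding n
        bit *= 4
    res = 0
    while bit:
        if n >= res + bit:
            n -= res + bit
            res = (res >> 1) + bit
        else:
            res >>= 1
        bit >>= 2
    return res


def isqrt_float(n: int) -> int:
    """Implementation C: the tempting one-liner.  Wrong once n needs more than
    53 significant bits, because n is rounded before the square root is taken."""
    if n < 0:
        raise ValueError("negative input")
    return int(math.sqrt(n))


def cross_checked(*impls):
    """Return a function that runs every implementation and fails closed on
    any disagreement.  The caller never sees a result the implementations
    did not all agree on."""
    def run(n: int) -> int:
        results = [f(n) for f in impls]
        if any(r != results[0] for r in results[1:]):
            names = ", ".join(f"{f.__name__}={r}" for f, r in zip(impls, results))
            raise CrossCheckError(f"disagreement for input {n}: {names}")
        return results[0]
    return run


# The production entry point: only A and B, which are both exact.
isqrt_checked = cross_checked(isqrt_newton, isqrt_bitwise)


def disagreements(limit: int) -> list:
    """Stress test: every n in 0..limit where A and B differ (expected: none)."""
    return [n for n in range(limit + 1) if isqrt_newton(n) != isqrt_bitwise(n)]


def float_bug_is_caught() -> bool:
    """Demonstrate the comparator catching implementation C on a large input.
    2**54 - 1 is not representable as a double; it rounds up to 2**54, so
    math.sqrt returns exactly 2**27 while the true integer root is 2**27 - 1."""
    suspect = cross_checked(isqrt_newton, isqrt_float)
    try:
        suspect(2**54 - 1)
    except CrossCheckError:
        return True
    return False


if __name__ == "__main__":
    print("isqrt_checked(2**54 - 1) =", isqrt_checked(2**54 - 1))
    print("disagreements up to 10000:", disagreements(10_000))
    print("float implementation caught by cross-check:", float_bug_is_caught())
```

The point of the wrapper is the failure mode, not the arithmetic: a single implementation with the float bug would silently return a value one too large, while the cross-checked version refuses to answer. For code that can affect a patient or a vehicle, a loud halt is the safer outcome, and the disagreement log is exactly the evidence a reviewer needs to find the defect.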