Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Re: Re: Re: "Buffer Overflow" rant in Risks Digest

by converter (Priest)
on Jan 07, 2002 at 08:13 UTC ( #136770=note: print w/replies, xml ) Need Help??

in reply to Re: Re: "Buffer Overflow" rant in Risks Digest
in thread "Buffer Overflow" rant in Risks Digest

Would a manufacturer of automobiles, for instance, be willing to warrant his products against catastrophic failure if he were forced to build his product using materials from sources who refused to make similar guarantees, because the materials from which they manufactured their products offered no guarantees?

No. He'd be insane.

When you write software, you can't guarantee much unless you can be certain that the software used to create it and the software upon which it depends come with the same assurances.

What about liability? ISVs have been playing the blame game for years. They get away with it because their denials are plausible. I doubt this will ever change.

  • Comment on Re: Re: Re: "Buffer Overflow" rant in Risks Digest

Replies are listed 'Best First'.
Programmers should be board-certified, just like doctors, lawyers, and CPAs
by dragonchild (Archbishop) on Jan 07, 2002 at 19:45 UTC
    A doctor can be sued for malpractice because the medicines s/he uses are certified by the federal government. An engineer can be sued because s/he does no building, only planning. If the building goes according to spec and the building fails, the design (aka, the engineer) is at fault.

    Hence, if compilers and toolkits are certified by some board/government, and I use them, and my software fails ... I am liable. If I create software that allows for a known hack, such as buffer overflow, to happen ... I am liable. If I make a design and it is faithfully executed, but the application fails ... I am liable.

    I think that programmer liability is a very good thing. It would require that programmers be certified, similar to a bar or CPA exam. I would take one and accept its results.

    It would require that the pace of innovation be slowed down so that advances are scrutinized. I would prefer this. (Think about it this way - would you want to go into an operating room knowing your doctor is using a technique he developed and no-one else has scrutinized?)

    It would require that there is some standardization in the world. As far as I know, there is no perlmonk who would vote against this idea. (Some of us might be out of jobs, but I know I don't like retrofitting interfaces ... do you?)

    I think that board-certifying programmers is an excellent idea. That way, employers have a guarantee on what that candidate can do.

    The first thing that needs to be certified is not products, but people.

    We are the carpenters and bricklayers of the Information Age.

    Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

      Actually, I'd argue that you're looking at this from the wrong angle.

      Certification in engineering, at least, means that you have had schooling, shown competiency in the field, and have proven your knowledge and skills on a battery of written tests. For most projects which call for the construction of buildings, infrastructure, process plants, etc, the ground cannot be broken until every part of the construction, from groundwork, environmental impact, and the like, has been signed off by a respective certified engineer (that is, your civil eng. would sign off on the infrastructure and land usage, your mech eng. on the structural stability, etc.) This is to ensure that any construction that has potental public impact (which typically is ANY large-scale construction) has been 'approved' at some point by people competitent in the field. If that structure should fail in a way that should have been predictable, then those that signed off on it are responsible.

      However, not *every* construction project has to be approved or signed off by a Professional Engineer. For example, if you wanted to add on to your house, you typically need to get some license for construction and approval by a local government before you start, but they typcially don't care about the full extent of construction, only the general type of work that you're doing.

      Applying the analogy to computer programming, there ought to be a PE classification for programmers, certainly, but I would not necessarily see it as mandatory for all programmers. A duty of a so-called CompEng PE would be to make sure that code that is bound for release into a sector that may affect the well-being of the public is as bug-proof as possible. And note that this would not be for all code: we're talking ares such as medical devices, traffic control systems (ground or air), and similar fields that if the code fails, lives could be in danger; if some code happened to lose your tax payment for the year, for example, that's not life threatening, and thus not critical for a PE review, but certainly couldn't hurt. The need for such a PE review for code would require frequent code reviews, as well as processes in place for companies to earmark code as 'passed', such that when ready to ship, the PE only needs to sign off on it. But you'd only need to have one or two PEs around for a small company, as adding that PE to your name CAN increase your base pay as well.

      But there are people that program not for companies but on their own; if we forced any code that was released into the world to have been PE-approved, the small-time, shareware/OSS programmer may become a dying breed. Instead, we want the situation where you can modify your house without PE intervention; you want to be able to write your own code without having to answer to someone else. So requiring certification for all code is a bad idea.

      While I do support the concept of a PE for comp eng, I think that the attitudes of many businesses in the tech field is a long way off from it. As you point out, the rapid-release cycle of late, which is a major cause for many bugs, would be too much for a CE PE to be able to keep up with. Again, we have Netscape to blame for this, as they were probably the first group to widely distribution true 'beta' versions of their software to the public en masse, and thus being the development cycle of releasing many weak versions often instead of one strong version once with patches between versions. Certification of developers would not help with that.

      Dr. Michael K. Neylon - || "You've left the lens cap of your mind on again, Pinky" - The Brain
      "I can see my house from here!"
      It's not what you know, but knowing how to find it if you don't know that's important

      5 minutes after such a liability law was passed, I would decide never to post code publically to places like PerlMonks, and not to post code to places like CPAN.

      Even if I was perfectly sure that I wrote code with no mistakes, there is no way I want to have to prove that in a court that is hard for me to get to because some idiot in South Dakota refused to understand that the bug is in their code, not mine. And, of course, I am not perfectly sure. Reasonably sure? Yes. But if you are writing software for monitoring hearts, and you use code I gave away for fun, then should be your responsibility to validate that the code is sufficient to your needs before you use it.

      I think you will find that, no matter how you cut it, this is a thorny issue.

        • you post code and
        • you claim it is certified
        You should be held liable. But, if either is not true, then you shouldn't be held any more liable than you can be right now.

        We are the carpenters and bricklayers of the Information Age.

        Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

      ... if compilers and toolkits are certified by some board/government, ...

      ... require that there is some standardization in the world. As far as I know, there is no perlmonk who would vote against this idea.

      • Isn't this Ada?
        Now, Ada has it's uses, but do we really want all software to look like that?
      • The certifying experts can be wrong too. How does one decide who to sue?
      • There is always a tradeoff between safety and freedom and, IMNSHO, the apparent gains of safety are seldom real and seldom worth the loss in freedom.
      • Not all software is important enough to require certified programmers willing to bet their family's financial future on the likelyhood that their software won't fail.
      • Laws already exist to handle the situations where it is important enough. If Boeing's new airliner starts falling out of the sky because some yayhoo wrote bad code, they're going to get in serious legal trouble, disclaimers of non-fitness for a particular purpose or not.


        About 100 years ago, all you needed to become a doctor was to move into some town with your snakeoil and set up shop. There was no certification process. In fact, most people didn't know that there was a learning process to become a doctor, other than the apprenticeship process.

        Then, some upstart organization calling itself the American Medical Association decided to come along and say "You're not a doctor unless we say you are". It took a while, but after the federal government gave the AMA its blessing, then people started demanding to see AMA certification before they'd send their kids to you.

        Within a generation, AMA certification started saving lives. Sure, a lot of people complained, citing most of the same complaints that you did. But, I think we're all happier knowing that the AMA does exist. I know I am.

        Now, what about creating the American Computing Association, along the same lines? Computing professionals certify their own, just like doctors, lawyers, and accountants do. We, as a community, say "Yes, that person can do the things we feel that a given computing engineer in the field of XYZ should be able to competently do."

        As for what a Computing Engineer should do ... Masem has it right. They would be responsible for making sure that a given project is certifiably sound. That all the correct designs and processes were followed in the lifecycle of the project. Exactly the same way any other engineer would do it.

        Yes, this would slow down the software releases for those products that have to be certified. You know, things like air control, electricity generation, and Microsoft Office.

        Why Office? Not because the government will demand it, like it would the former ones. Because the marketplace will demand it. Can you imagine a multi-billion dollar company saying "Yeah, we'll take your uncertified software" when there is a possibility to purchase certified software, even if it is more expensive? I certainly wouldn't.

        Now, there will always be a market for uncertified software, because it'll be cheaper. But, the idea that ALL software would have to be certified is ridiculous. And, to use that as an argument against certification of any kind is equally ridiculous.

        We are the carpenters and bricklayers of the Information Age.

        Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://136770]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (7)
As of 2018-02-22 15:00 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (294 votes). Check out past polls.