Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!iuvax!cica!tut.cis.ohio-state.edu!gem.mps.ohio-state.edu!ginosko!uunet!kddlab!titcca!sragwa!wsgw!socslgw!diamond
From: diamond@csl.sony.co.jp (Norman Diamond)
Newsgroups: comp.software-eng
Subject: Re: Information on current state of software safety desired
Message-ID: <10901@riks.csl.sony.co.jp>
Date: 5 Oct 89 05:39:24 GMT
References: <1321@cs.rit.edu> <195@cherry5.UUCP> <1989Oct4.055359.15145@paris.ics.uci.edu>
Reply-To: diamond@ws.sony.junet (Norman Diamond)
Organization: Sony Computer Science Laboratory Inc., Tokyo, Japan
Lines: 53

In article <1989Oct4.055359.15145@paris.ics.uci.edu> Nancy Leveson writes:

>I was an expert witness on one of the law suits involved with this machine. [LINAC]
>the failure resulted from software bugs, not from system design flaws.

>>The software developers should have
>>been aware of the lethal radiation levels that could be generated and should
>>have insisted on a fail-safe shutoff, either as part of the system or parallel
>>to it.
>
>This is not the responsibility of the software developers, but of the system,
>nuclear, and safety engineers.

The point of view that system engineers or safety engineers have ultimate
responsibility is understandable.

The suggestion that nuclear engineers have this responsibility is hard to
understand. Should their machine not do what it was ordered to do? But
morally they should behave with a certain amount of responsibility, and ask
"what if...".

The suggestion that software engineers do not have this responsibility is
also hard to understand. Morally we should behave with a certain amount of
responsibility too, and ask "what if...". And we are certainly obligated to
test our code.

Of course, moral responsibility is difficult. If you are a space shuttle
engineer and testify in court that you *did* ask "what if", you might be
fired for it. And if you are a software engineer and ask too many times
"what if" or try too many times to test your code (when management does not
understand or reply), you might be fired even without court testimony. The
difficulties of moral standards.

>I often
>hear software engineers say "there is nothing we can do about software errors,
>they will always occur."

You hear that from fake software engineers (the kind who don't get fired).

>This is just not true. There were many things that
>could have been done in this case and in general.

This is absolutely true. So why did you say that software engineers did not
have responsibility in this particular case?

--
-- Norman Diamond, Sony Corp. (diamond%ws.sony.junet@uunet.uu.net seems to work)
The above opinions are inherited by your machine's init process (pid 1),
after being disowned and orphaned. However, if you see this at Waterloo or
Anterior, then their administrators must have approved of these opinions.