OASIS Mailing List Archives

Re: ??? (was RE: A simple guy with a simple problem)

3/16/01 6:14:11 PM, Justin Couch <justin@vlc.com.au> wrote:
>Extreme reliability is even more dependent on standard libs than normal
>programming. There is a much higher probability of bugs in custom
>written code than normal stuff - unless we are talking Shuttle software.
>From a software development cost standpoint, it is cheaper to find
>software with known bugs than to write it yourself and have unknown bugs
>or to formally prove that it has no bugs.

A very important point.  It's a psychological illusion that reliability comes 
from doing everything yourself, probably stemming from fears over loss of 
control.  The real problem with doing it yourself is that you probably don't 
have all the resources to do all of it right, so in reality you wind up doing 
a half-ass job on parts of it, and you don't have the experience to know which 
parts are prone to disaster if they're not done right.  An outside supplier, 
OTOH, has probably already run into all the traps and knows how to avoid them.

William Lareau tells a story about a missile manufacturer who themselves did 
all the design for a particular switch used in the guidance system, and then 
took bids to have the switch built exactly according to their design.  The 
chosen contractor did just that, and then a test showed that in about 1% of 
the missiles, the switch was installed backwards causing the guidance system 
to fail.  Lareau's point was that if the missile manufacturer had asked the 
switch manufacturers to share their expertise in the design process, this 
wouldn't have happened because the switch manufacturers would have learned 
from previous customers that this sort of thing was likely to happen and would 
therefore have suggested a design that was impossible to install backwards.

Again, this is largely a psychological thing.  If a manager has a basically 
distrustful and suspicious personality, he's going to get antsy about 
depending on anyone else's expertise and he's going to try to micromanage the 
whole design process, ignoring anyone who knows more than he does.