Thursday, September 24, 2009

Presidential Address

I gave my first address as President yesterday evening, at Clyde Road and via Webex. I'll be giving a small number of invited repeat performances throughout the remainder of the year.

My main theme was the technical challenges in certifying software design and development as safe - safe from harming humans or damaging property.

Regulation of Engineering in Ireland is a key issue for Engineers Ireland. Currently, the profession is weakly regulated as compared to certain other jurisdictions. Elsewhere, all engineering works which may impact the health and safety of the public, or may give rise to material harm to property, must by law be duly certified by a professional Engineer.

As a further example, regulatory authorities are introducing policies which require safe software. For example, the EU Medical Devices Directive in effect requires most medical devices to be certified as safe - not just the plugs, connectors and hardware but also any embedded software.

In my presentation, I consciously tried to address both non software specialists in the audience, as well as practitioners. I summarised the advances in software engineering and methodologies since the first software programmes, and gave a review of the current state of the art.

I observed that as software engineers, we are getting better than we were a decade ago at capturing the specification for a system; we are getting better at designing an implementation of that specification; we are getting better at predicting the performance response of that implementation; we are getting better at building that implementation by re-using other components; and we are getting better at describing our implementation so that other software engineers after us can maintain and extend what we have done.

But nevertheless we still lack a tractable physics of software that allows our profession to reason and predict how complex assemblies of varieties of software components will interact and behave under all the potential operating conditions which they may encounter during their lifetime. Other engineering disciplines do have an underlying physics. Without such a physics for software, it appears difficult to analytically evaluate alternative designs; without such a physics, it appears difficult to understand our systems, how they actually operate and sometimes why they fail; without such a physics, it appears difficult to confidently provide design guidelines; and until we have such a physics, software engineering may continue to be a creative undertaking based on heuristics and experience, rather than an applied science with a sound analytical base.

I illustrated my talk with a number of software disasters. In particular I highlighted Lt. Col. Petrov's bravery in 1983 in the USSR in recognising that a multi-ICBM missile salvo from the USA at the height of the Cold War (shortly after the shoot-down of KAL 007) was probably a false positive.

The webex recording of the talk is available on our web site here: but, be warned, it is almost 90 minutes long..


  1. Chris,
    I was in Dublin last night and went along to your address - it was really excellent and, as a no-longer-practicing software engineer, most enjoyable! I think you walked the line between software engineers and non-software engineers particularly well.

    During your address one of the areas you focused on was the difficulty in making pre-developed components a practical aspect of software development. One of the reasons for this, as you correctly identified, is the not-invented-here mindset that bedevils so many developers.

    One of the ways advocated over the years to improve software quality has been to focus on process and practices, e.g. the CMM. I wonder, did approaches like this promote a distrust of third party components as companies felt they could not control the process under which they were developed? The impact of for instance the US military insisting on only dealing with high CMM level companies may have unitentionally set the software industry?

    Congratulations once again on your address.



  2. Hi John,

    thanks for the kind words.

    Personally, I do not believe processes such as CMM have in any way promoted distrust of third party components, but of course I would be interested in any views to the contrary.

    Somewhat related, I find it interesting that increasingly Governments are interested in open source technologies, not just perhaps in the belief of cost reduction over proprietary products, but also because the quality of the code is visible and apparent...

    best wishes