Problems in defining software engineering mean that people developing critical systems are inadequately trained and do not know their limitations, according to John Knight, professor of computer science at the University of Virginia.

"Why do software-related failures occur? In part - and I would claim in large part - it is because those who develop such systems are not trained in basic software development," Knight told a meeting of the BCS Safety-Critical Systems Club.

"They can often produce software that provides certain basic functionality, but they fail to understand or are completely unaware of topics such as the crucial importance of specification, the difficulties that arise in concurrent programs, the limitations of testing, the effects of rounding error or the lack of timing predictability in processors."

Knight said that whereas other engineering disciplines were supported by specific degrees - electrical engineers, for example, complete electrical engineering degrees - computing undergraduates typically receive limited education on software engineering.

"To be a successful and responsible professional in safety-critical systems, a developer must understand the intricacies of a large number of fields, including real-time systems, formal specification and dependability assessment, among others. In a typical computer science degree these topics might only be options and a student would only be able to take one or two," Knight said.

Another problem with software engineering is that there is no agreed set of topics in which an engineer should be trained, Knight said.

In traditional branches of engineering there are well-established scientific principles. Civil engineers, for example, can use elements such as data about materials to work out the strength of a structure.

Knight said software failures could not be eliminated totally.

"Mistakes in software development will continue to be made, no matter how carefully the software is built, and failures will continue to occur: that is the way things are in engineering. But the current situation is unacceptable, and far worse than most people realise," he said.

The answer lies in proper training, and an appreciation of its limitations. "Ensure that those building safety-critical software are properly trained. Ensure they know how to apply the training they have. Ensure they understand the limitations of their training. Knowing the syntax of Java does not make someone a software engineer," said Knight.

"Just as in other fields where the consequences of failure are very high, ensure that practitioners are properly monitored by their colleagues, independent auditors and government regulators.

"The cumulative losses associated with software-related failures have become very high and the situation must be addressed quickly and effectively."