[trustable-software] What is Trustable About ?

trustable at panic.fluff.org
Sun Mar 31 13:14:30 BST 2019


On Sun, 31 Mar 2019, Dan Shearer wrote:

> On Sun, 31 Mar 2019 at 11:26, <trustable at panic.fluff.org> wrote:
>
>> As I've raised several times on this list, it is my view that trustable is
>> about 'harm' and this exists in a large number of realms, and not just
>> personal, but corporate and societal. My particular concern is that
>> complexity cannot and is not to be avoided, but by its nature often brings
>> with it difficulties in understanding the implications and as seen by
>> behaviour of complex systems their societal impact in the end harms
>> society and so the individual.
>
> Complexity, cascade failures and the like are very important. But I
> also like to use specific examples of code, and here's one. Because
> otherwise theoretical notions of Good Software end up dancing on the
> head of a pin.
>
> SQLite is considered the most widely used database in the world. The
> SQLite code is found in all sorts of surprising places because it is
> quick, simple, free and also often found in libraries that the user
> may not even be aware of. It is very easy to demonstrate that SQLite
> is corruptible, indeed it is corruptible by design according to the
> documentation: https://www.sqlite.org/isolation.html , and that is
> without its many other well-known limitations. Therefore for many
> purposes SQLite cannot be regarded as trustable, whatever the
> definition. I will not try to get a list of safety critical places
> SQLite is used, as the most popular database by a long shot, the
> answer is "all kinds of embedded and IoT devices and desktop software
> besides".
>
> Could Trustable move the needle on this sort of situation?

So, I am going to state clearly once and for all, in my view there is 
not nor can I see when there will be a 'Good Software notion'. Right from the 
work of Klari von Neumann to the poor efforts of myself, there are so many 
successful approaches that I don't believe there to be any value in having 
'one ring to rule them all' and it turns into navel gazing to seek this.

However, I do believe this is about managing risk and the implications of 
risk. I think your case of SQLite is perfect. It is about managing the 
'blast radius' in which the impact of a decision and its implementation 
impacts what is going on.

Just as Enrico Fermi used indirect measures to calculate that blast radius, 
in software engineering we probably have to collect indirect measures of 
how software development is done and the associated processes to 
understand whether we should express trust within its execution in a known 
context.

Part of trustable's job is to shine a light on evidence collection points for 
improvement and supporting claims to argue that we should have trust for 
the behaviour and so associated outcomes of this software and supporting 
systems. But also part of trustable's job is to show how the engineering 
can be improved as well and offer techniques to have these discussions 
around the 'blast radius' of 'harm' within the context of which systems 
are being executed.



-- 
========================================================================
Edmund J. Sutcliffe                     Thoughtful Solutions; Creatively
<edmunds at panic.fluff.org>               Implemented and Communicated
<http://panic.fluff.org>                +44 (0) 7976 938841