Ethics in Information Technology Chapter 7 Software Development Ethics in Information Technology
Learning Objectives Why must companies place an increased emphasis on the use of high-quality software in business systems, industrial process-control systems, and consumer products? What potential ethical issues do software manufacturers face in making trade-offs between project schedules, project costs, and software quality? What are the four most common types of software product liability claims? 2
Learning Objectives What are the essential components of a software development methodology, and what are the benefits of using such a methodology? How can the Capability Maturity Model Integration® improve an organization’s software development process? What is a safety-critical system, and what special actions are required during its development? 3
Introduction 4 Easy to learn and use because they perform quickly and efficiently, meet their users’ needs, and operate safely and reliably so that system downtime is kept to a minimum High-quality software systems Error that, if not removed, could cause a software system to fail to meet its users’ needs Software defect Degree to which a software product meets the needs of its users Software quality Defining, measuring, and refining the quality of the development process and the products developed Deliverables: Products of quality management Quality management
Causes of Poor Software Quality Developers must define and follow a set of software engineering principles Be committed to learning from past mistakes Developers must understand the environment in which their systems will operate Design systems that are immune to human error Extreme pressure that software companies feel to reduce the time to market for their products Resources needed to ensure quality are cut under the pressure to ship a new product 5
Importance of Software Quality Business information system: Set of interrelated components that collects and processes data and disseminates the output Decision support system (DSS) Controls industrial processes and the operation of industrial and consumer products Mismanaged software can be fatal to a business Miss product deadlines, increased product development costs, and delivery of low quality products Use of software introduces product liability issues 6
Software Product Liability Product liability: That of manufacturers, sellers, lessors, and others for injuries caused by defective products Based on strict liability, negligence, breach of warranty, or misrepresentation Strict liability: Defendant held responsible for injuring another person, regardless of negligence or intent Plaintiff must prove only that the software product is defective or unreasonably dangerous and that the defect caused the injury 7
Software Product Liability Legal defenses used against strict liability Doctrine of supervening event Government contractor defense Expired statute of limitations Negligence Failure to do what a reasonable person would do, or doing something that a reasonable person would not do Contributory negligence: Plaintiffs’ own actions contributes to their injuries 8
Software Product Liability Warranty: Assures buyers or lessees that a product meets certain standards of quality Breach of warranty: Lessee can sue the lessor if the product fails to meet the terms of its warranty Difficult to prove because the software supplier writes the warranty to limit liability 9
Software Development Methodology Standard work process that enables controlled progress while developing high-quality software Use of an effective methodology protects software manufacturers from legal liability Reduces the number of software errors If an organization follows widely accepted development methods, negligence on its part is harder to prove Quality assurance (QA): Methods within the development cycle designed to guarantee reliable operation of a product 10
Figure The Cost of Removing Software Defects 11 Source Line: Used with permission from LKP Consulting Group
Dynamic Testing Dynamic testing: Entering test data and comparing the results with the expected results in a process Black-box testing: Viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown If the unit demonstrates the expected behaviors for all the input data in the test suite, it passes the test White-box testing: Treats the software unit as a device that has expected input and output behaviors but whose internal workings are known 12
Types of Software Testing Static testing Integration testing System testing User acceptance testing 13
Capability Maturity Model Integration (CMMI) Process-improvement approach that defines the essential elements of effective processes Identifies the issues that are most critical to software quality and process improvement Enables an organization to track, evaluate, and demonstrate its progress 14
Table Definition of CMMI Maturity Levels 15 Source Line: Used with permission from Carnegie Mellon University
Safety-Critical Systems Whose failure may cause injury or death Safe operation relies on the flawless performance of software Key assumption - Safety will not automatically result from following the organization’s standard development methodology Tasks require: Additional steps More thorough documentation Vigilant checking and rechecking 16
Safety-Critical Systems System safety engineer: Uses a logging and monitoring system to track hazards from a project’s start to its finish Hazard log: Used to assess how detected hazards have been accounted for When designing, building, and operating a safety- critical system a formal risk analysis is to be conducted Redundancy: Provision of multiple interchangeable components to perform a single function in order to cope with failures and errors 17
Safety-Critical Systems N-version programming: Approach to minimizing the impact of software errors by independently implementing the same set of user requirements N times Multiple software versions are unlikely to fail at the same time under the same conditions Consequences of failure can be mitigated by devising emergency procedures and evacuation plans 18
Reliability and Safety in Safety-Critical Systems Reliability: Measure of the rate of failure in a system that would render it unusable over its expected lifetime Capability of the system to continue to perform Safety - Ability of the system to perform in a safe manner System-human interface - Important and difficult areas of safety-critical system design Design of the system should not allow for erroneous judgment on the part of the operator 19
Quality Management Standards ISO 9001 family of standards Guide to quality products, services, and management Organization must submit to an examination by an external assessor to obtain the certificate Failure mode and effects analysis (FMEA) Used to develop ISO 9001-compliant quality systems By evaluating reliability and determining the effects of system and equipment failures Failure mode: Describes how a product or process could fail to perform the desired functions described by the customer 20
Steps to Identify the Highest Priority Actions Determine the severity rating Determine the occurrence rating Determine the criticality Determine the detection rating Calculate the risk priority rating 21
Summary Demand for high-quality software is increasing Developers are under extreme pressure to reduce time to market of products Software product liability claims are frequently based on: Strict liability Negligence Breach of warranty Misrepresentation 22
Summary Software development methodology Defines activities in the development process Defines individual and group responsibilities Recommends specific techniques Offers guidelines for managing product quality CMMI Defines five levels of software development maturity Safety-critical system Failure may cause injury or death 23
Summary ISO 9001 standard is a guide to quality products, services, and management Failure mode and effects analysis (FMEA) is an important technique used to develop ISO compliant quality systems 24