Presentation is loading. Please wait.

Presentation is loading. Please wait.

Phil Laplante, CSDP, PE, PhD Professor of Software Engineering Penn State Chair, Software PE Exam Development Committee.

Published byMina Rowbottom Modified over 10 years ago

Similar presentations

Presentation on theme: "Phil Laplante, CSDP, PE, PhD Professor of Software Engineering Penn State Chair, Software PE Exam Development Committee."— Presentation transcript:

1 Phil Laplante, CSDP, PE, PhD Professor of Software Engineering Penn State Chair, Software PE Exam Development Committee

2 Outline of talk Why do we need licensure of software engineers? Status of US licensure project Identifying critical systems Allocating responsibility (blame) Challenges and unanswered questions Future work ERE 20122

3 A scenario Hot pizza vending machine explodes due to a software error – two persons are badly burned Original code written in basement by young entrepreneur with no formal education Prototype and code acquired by Big Als Pizza Vending, Inc. Defect was introduced by original developer Who is at fault/liable? Could risk to public have been reduced? SERE 20123

4 Licensure The goal of a software engineer is to retire without having caused any major catastrophe. Dilbert Licensure demonstrates minimum competency in a discipline States license doctors, nurses, accountants, lawyers, engineers (…barbers, plumbers, tattoo artists, etc.) Certification (e.g. CSDP, CISSP, PMP) is voluntary, licensing is mandatory 4SERE 2012

5 Why licensure? States require licensure of certain engineers to ensure that any practitioner is at least minimally competent Intent is to protect the public from injurious consequences of incompetent engineers Licensure is required if the engineer is involved in building a system whose failure could cause significant harm is offering his services directly to the public and not through a corporation, or government entity SERE 20125 What does involved mean?

6 Current status of licensure Licensure hotly debated for years 1998 Texas began licensing software engineers through portfolio review Alabama, Delaware, Florida, Michigan, Missouri, New Mexico, New York, North Carolina, Texas and Virginia expressed interest in developing a Principles & Practices exam All other states and U.S. jurisdictions (District of Columbia, Puerto Rico, Guam) can offer exam Exam will be available April 2013 Some provinces in Canada require licensure of software engineers SERE 20126

7 The path to licensure Appropriate degree from an ABET-accredited program Fundamentals of Engineering examination Four years +/- of relevant experience Principles and Practice (PE) exam This exam was the only missing item in the path to licensure for software engineers. Differences by states?....usually in qualification to sit Years of experience Waiver process, grandfathering, recognition of certifications Model law has yet to be written 7SERE 2012

8 Organizations involved in licensure effort NCEES NSPE IEEE – USA IEEE Computer Society Texas Board of Professional Engineers Prometric 8SERE 2012

9 Creating the test specification Develop Professional Activities and Knowledge/Skills Study (PAKS) survey pilot Pilot sent to 22 individuals Pilot survey results analyzed and survey adjusted Conducted PAKS survey (323 respondents) Survey results analyzed Test specifications and number of questions in each area determined 9SERE 2012

10 Test specification: knowledge areas SERE 201210 % of exam # of items 1. Requirements17.5014 2. Design13.7511 3. Construction11.259 4. Testing12.5010 5. Maintenance7.506 6. Configuration Management7.506 7. Engineering Processes7.506 8. Quality Assurance7.506 9. Safety, Security, and Privacy15.0012

11 Building the exam Committee of 20+ licensed PEs working in software engineering In person and online meetings Items are written by one PE and reviewed by three other PEs Test is assembled and pre-tested by 2 other PEs All exams under strict access control Statistics collected and analyzed after each test administration Same process as all other PE exams SERE 201211

12 Who would need a license? Would all software engineers need to be licensed? No, only those providing their services directly to the public Would all software have to be developed or supervised by licensed software engineers? no, only software that has an impact on the lives, property, economy, or security of people Licensing software engineers isnt a once-in-a-lifetime event Engineers must renew their licenses annually and may be subject to mandatory continuous professional development Source: Krutchten, 2009 12SERE 2012

13 How many licensed software engineers? There are at least two different versions of this question: How many will be needed? How many software professionals will become licensed? The first question seems to be harder to answer…. The second question…methods for estimating the eventual number of licensed professional software engineers Number of software PEs in Canada – extrapolate Number of CSDPs in US – extrapolate Number of licensed SW engineers in Texas – extrapolate SERE 201213

14 First question: projected growth in software engineers in the US Source: US Bureau of Labor StatisticsSERE 201214 Occupational Title Employment, 2008 Projected Employment, 2018 Change, 2008-18 NumberPercent Computer software engineers and computer programmers 1,336,3001,619,300283,00021 Computer programmers426,700414,400-12,300-3 Computer software engineers909,6001,204,800295,20032 Computer software engineers, applications 514,800689,900175,10034 Computer software engineers, systems software 394,800515,000120,20030

15 Which systems affect the health, safety and welfare of the public? Typical domains medicine, transportation, infrastructure, commerce, finance Typical applications implantable medical devices, automobiles, elevators, power systems, financial and health record management systems Less-obvious entertainment – e.g. amusement park ride consumer goods – e.g. microwave oven … etc. SERE 201215

16 Some examples SERE 201216 Critical?Non critical (?) Drone aircraftRemote controlled model airplane Hot pizza vending machineSoda vending machine Robot surgeryAutomated tattoo machine Medical records systemMedical appointment self- registration system Pension management systemOnline stock trading system Nuclear power plantWind power generator

17 Taxonomy of critical systems It would be difficult/impossible to create a comprehensive taxonomy of licensable systems may be some sort of incompleteness problem this is an area for research More likely, systems will be identified as built Can we create a set of questions that can be used to determine if a software system can have an adverse effect on the public? SERE 201217

18 Identifying questions 1. Does the software control a device or devices that could directly inflict harm to a human being if there was a malfunction? 2. Does the software put the assets of an individual or corporate entity at risk beyond the normal amount of risk assumed in everyday business transactions? 3. Does the software expose identifying information of an individual or a corporate entity that would violate any federal, state or local laws? 4. Does the software interact with other systems in way that directly satisfies 1-3 above? SERE 201218

19 Using the questions Consider: insulin pump, automotive braking, roller coaster, telemetry monitor, and water treatment plant all would answer yes to question 1. Consider: financial systems such as tax return preparation software, an e-commerce site, or a pension fund management system would likely answer yes to question 2. What about the tax preparation software and pension fund management, e-commerce systems might also answer yes to question 3 SERE 201219

20 Simple interactions SERE 201220 S1S1 S2S2 SnSn S n-1 … How does failure in S n affect S 1 ? Who is responsible? What about question number 4 – interactions? a harmless piece of software may eventually cause a catastrophic failure

21 A possible approach Reduce the responsibility to the engineer as a function of the distance of interaction (e.g.) liability for engineer working on system S 1 should be 100%, liability for engineer working on system S 2 should be 50%, and so on In general, responsibility for the engineer of system S n, is 1/2 n-1 of the total liability Complicating factors sequence in which the systems are developed, whether interactions where envisioned or known previously, whether standards based design is used and so on what about complex interactions (next slide) Do we like this model? if a failure in system S 6 triggered a reaction that ultimately led to harm to the individual, to what extent is the software engineer really responsible for the failure of S 6 culpable for the harm to the human? 1/64 th ? Note: this kind of thing happens in other domains – e.g. road construction SERE 201221

22 Complex interactions SERE 201222 S1S1 S2S2 S4S4 S3S3 S5S5 S6S6 How does failure in S n affect S 1 ? Can security vulnerability in S n affect S 1 Who is responsible?

23 Chain of interactions Do we need to consider all software and the interactions – transitive closure of safety/security e.g., a security breach to a non-critical system linked to a critical one causes a public disaster should it be concluded that the non-critical system was really critical? What responsibility does the engineer of S n have? The answer to these kinds of questions are unclear may have to be decided by juries and judges SERE 201223

24 Is formal modeling the answer? To address such a question a more sophisticated mathematical model of systems interactions e.g. Churchs Lambda Calculus Category theory Communicating Sequential Processes (CSP) Classical reliability theory A pure mathematical formulation, however, would be insufficient for the determination of legal responsibility for failure A thorough analysis would also have to take into account technical, legislative, sociological, psychological and environmental factors Clearly more technical, legal and incident analysis is needed SERE 201224

25 Third party components How do we treat software components produced in other countries open source communities states where licensure is not required entities that are not transparent (e.g. classified organizations)? Answer: same way as other engineering disciplines e.g. licensed civil engineers spec steel produced in another country The engineer puts his license and even freedom on the line, to insure that these external components are safe to use Same in other professions nurses who must refuse to administer medications ordered by a doctor if the nurse believes the medication would be harmful to the patient same representations must be made by software engineers responsible for building high reliability and safe/secure critical systems SERE 201225

26 Asimovs Laws R1. A robot may not injure a human being or, through inaction, allow a human being to come to harm. R2. A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law. R3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law. SERE 201226

27 A possible framework for software security/safety S1. Software may not injure* a human being or, through inaction, allow a human being to come to harm S2. Software must respond to commands given to it by human beings, except where such inputs would conflict with S1. S3. A software system must protect its own existence as long as such protection does not conflict with the S1 or S2. *cause significant harm to health, safety, welfare or violation of privacy SERE 201227

28 Summary Should licensure be required? Are you willing to take personal risk on a software engineering decision? PEs stake their reputations, treasure, livelihood, and freedom Risk tends to raise the standards of decision making Licensing does not prevent failures licensed doctors kill patients through malpractice licensed software engineers will introduce defects into software that can harm the public Licensure raises the standard of practice and provide assurance to the public of minimal competency on the part of practitioners, leads to safer, more secure, and more reliable software systems. We do need to better understand how to allocate responsibility and risk to software systems SERE 201228

29 Summary – continued Software, safety and reliability engineers and lawyers need to conduct further research leading to a comprehensive system for identification of licensable systems, that is, systems under which licensure laws apply a technical and legal framework for modeling systems interactions for the purposes of fairly assigning responsibility for failure a strategy for safely using third party furnished components SERE 201229

30 Contact: plaplante@psu.edu

Download ppt "Phil Laplante, CSDP, PE, PhD Professor of Software Engineering Penn State Chair, Software PE Exam Development Committee."

Similar presentations

10 Reasons to Become a PROFESSIONAL ENGINEER

10 Reasons to Become a PROFESSIONAL ENGINEER
Elements of an Effective Safety and Health Program

Elements of an Effective Safety and Health Program
Facilitated by: Pobal Training Initiative.  Using the “Managing Better” Toolkit  Principles of Good Governance  Key Responsibilities of the Company.

Facilitated by: Pobal Training Initiative.  Using the “Managing Better” Toolkit  Principles of Good Governance  Key Responsibilities of the Company.
Regulatory Clinical Trials Clinical Trials. Clinical Trials Definition: research studies to find ways to improve health Definition: research studies to.

Regulatory Clinical Trials Clinical Trials. Clinical Trials Definition: research studies to find ways to improve health Definition: research studies to.
Engineering A “Learned Profession”  Google “learned professions”  Medicine, law and engineering  A body of knowledge so broad and technical that it.

Engineering A “Learned Profession”  Google “learned professions”  Medicine, law and engineering  A body of knowledge so broad and technical that it.
A Gift of Fire, 2edChapter 4: Can We Trust the Computer?1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical Issues for Computers.

A Gift of Fire, 2edChapter 4: Can We Trust the Computer?1 PowerPoint ® Slides to Accompany A Gift of Fire : Social, Legal, and Ethical Issues for Computers.
Registration for North Dakota Geoscientists under a North Dakota Board of Registration for Professional Engineers, Land Surveyors and Geologists. Dave.

Registration for North Dakota Geoscientists under a North Dakota Board of Registration for Professional Engineers, Land Surveyors and Geologists. Dave.
Educating for a Sustainable Future – Environmental Engineering Body of Knowledge The EE BOK Working Group Debbie Reinhart, PhD, PE, BCEE University of.

Educating for a Sustainable Future – Environmental Engineering Body of Knowledge The EE BOK Working Group Debbie Reinhart, PhD, PE, BCEE University of.
Licensure Requirements for Cosmetic Laser Procedures By: Vickie L. Mickey, CT,CLHRP.

Licensure Requirements for Cosmetic Laser Procedures By: Vickie L. Mickey, CT,CLHRP.
Back to Today’s ppt Introduction to Engineering l Definitions l Technology Team l Engineering Disciplines l Engineering Functions l Career Paths l ABET.

Back to Today’s ppt Introduction to Engineering l Definitions l Technology Team l Engineering Disciplines l Engineering Functions l Career Paths l ABET.
Health Care Careers Education Aspects. Copyright © 2004 by Thomson Delmar Learning. ALL RIGHTS RESERVED.2 Accrediting Agencies Purpose: to establish standards.

Health Care Careers Education Aspects. Copyright © 2004 by Thomson Delmar Learning. ALL RIGHTS RESERVED.2 Accrediting Agencies Purpose: to establish standards.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
ES 101 Projects and Ethics Dr. Robert A. Perkins, PE

ES 101 Projects and Ethics Dr. Robert A. Perkins, PE
1 Global Real Estate Valuation Policy Update: the European Perspective The principle: the EU Treaty does not provide the European institutions with direct.

1 Global Real Estate Valuation Policy Update: the European Perspective The principle: the EU Treaty does not provide the European institutions with direct.
BUSINESS ETHICS (Some Summary Only)

BUSINESS ETHICS (Some Summary Only)
Assessing the impact of an aging workforce across global organizations.

Assessing the impact of an aging workforce across global organizations.
Can We Trust the Computer?

Can We Trust the Computer?
Ch 7: Type of Business Ownership

Ch 7: Type of Business Ownership
Is it Really Engineering? Chapter 3. What's Different about Software? Is it a “dark art”? It’s a strange amalgam of art, craftsmanship, science and the.

Is it Really Engineering? Chapter 3. What's Different about Software? Is it a “dark art”? It’s a strange amalgam of art, craftsmanship, science and the.
Ethics CS-480b Network Security Dick Steflik. ACM Code of Ethics This Code, consisting of 24 imperatives formulated as statements of personal responsibility,

Ethics CS-480b Network Security Dick Steflik. ACM Code of Ethics This Code, consisting of 24 imperatives formulated as statements of personal responsibility,

Similar presentations

Ads by Google