Henry Petroski long ago noted that we learn very little from our successes (of which there are relatively few in large software projects) and that we need to learn much more from our failures (which are numerous in computer systems). With respect to software development, there are many lessons we should be learning from the many cases collected in the Online Risks Forum and the ACM SIGSOFT Software Engineering Notes. Based on these cases, this talk will consider some of the main challenges in developing trustworthy systems and networks that must (for example) be secure, reliable, and survivable in the face of a wide range of adversities. This is not simply a turn-the-crank process; it requires great ingenuity, experience, discipline, and above all, managerial understanding and control. The difficulties of realistically applying the engineering aspects of what is euphemistically called software engineering are enormous: they demand a discipline that is seldom found in practice, together with inherently robust architectural concepts that allow facile composition of systems and networks out of subsystems. For example, we need more efforts such as those suggested half a century ago by Shannon and von Neumann in building trustworthy systems out of less trustworthy components. Furthermore, vision is needed to avoid excessive costs and delays in development and serious risks in operation; to manage development efforts; to inspire relevant long-term research; to anticipate and minimize problems of usability; and above all, to enable the creation of effective long-term strategies and to recognize that short-term strategies are often counterproductive technologically. The talk will be illustrated with numerous examples from the RISKS archives.
Extensive background can be found on the Web:
Peter G. Neumann (Neumann@CSL.sri.com) has doctorates from Harvard and Darmstadt. After 10 years at Bell Labs in Murray Hill, New Jersey, in the 1960s, during which he was heavily involved in the Multics development jointly with MIT and Honeywell, he has been in SRI's Computer Science Lab since September 1971. He is concerned with computer systems and networks, security, reliability, survivability, safety, and many risks-related issues such as voting-system integrity, crypto policy, social implications, and human needs including privacy. His book, Computer-Related Risks, has gone through five printings, and is now being cranked out as needed by Addison-Wesley. He is on the Editorial Board of IEEE Security and Privacy. He moderates the ACM Risks Forum, edits CACM's monthly Inside Risks column, chairs the ACM Committee on Computers and Public Policy, and co-founded People For Internet Responsibility (PFIR). He is a Fellow of the IEEE, ACM, and AAAS, and is also an SRI Fellow. He is the 2002 recipient of the National Computer System Security Award. He is a member of the U.S. Government Accountability Office (formerly General Accounting Office) Executive Council on Information Management and Technology, and the California Office of Privacy Protection advisory council. He has taught at Stanford, U.C. Berkeley, and the University of Maryland. See his Web site for further background, Senate and House testimonies, bibliography, etc.
Return to Santa Clara Valley Chapter IEEE Computer Society page.