Ethics in Information Technology, Chapter 7: Software Development


Learning Objectives

• Why must companies place an increased emphasis on the use of high-quality software in business systems, industrial process-control systems, and consumer products?

• What potential ethical issues do software manufacturers face in making trade-offs between project schedules, project costs, and software quality?

• What are the four most common types of software product liability claims?

2

Learning Objectives

• What are the essential components of a software development methodology, and what are the benefits of using such a methodology?

• How can the Capability Maturity Model Integration® improve an organization’s software development process?

• What is a safety-critical system, and what special actions are required during its development?

3

Introduction

• High-quality software systems: Easy to learn and use because they perform quickly and efficiently, meet their users’ needs, and operate safely and reliably so that system downtime is kept to a minimum

• Software defect: Error that, if not removed, could cause a software system to fail to meet its users’ needs

• Software quality: Degree to which a software product meets the needs of its users

• Quality management: Defining, measuring, and refining the quality of the development process and the products developed; deliverables are the products of quality management

4

Causes of Poor Software Quality

• Developers must define and follow a set of software engineering principles

• Be committed to learning from past mistakes

• Developers must understand the environment in which their systems will operate

• Design systems that are immune to human error

• Extreme pressure that software companies feel to reduce the time to market for their products

• Resources needed to ensure quality are cut under the pressure to ship a new product

5

Importance of Software Quality

• Business information system: Set of interrelated components that collects and processes data and disseminates the output

• Decision support system (DSS)

• Controls industrial processes and the operation of industrial and consumer products

• Mismanaged software can be fatal to a business

• Missed product deadlines, increased product development costs, and delivery of low-quality products

• Use of software introduces product liability issues

6

Software Product Liability

• Product liability: That of manufacturers, sellers, lessors, and others for injuries caused by defective products

• Based on strict liability, negligence, breach of warranty, or misrepresentation

• Strict liability: Defendant held responsible for injuring another person, regardless of negligence or intent

• Plaintiff must prove only that the software product is defective or unreasonably dangerous and that the defect caused the injury

7

Software Product Liability

• Legal defenses used against strict liability: Doctrine of supervening event, government contractor defense, expired statute of limitations

• Negligence: Failure to do what a reasonable person would do, or doing something that a reasonable person would not do

• Contributory negligence: Plaintiffs’ own actions contribute to their injuries

8

Software Product Liability

• Warranty: Assures buyers or lessees that a product meets certain standards of quality

• Breach of warranty: Lessee can sue the lessor if the product fails to meet the terms of its warranty

• Difficult to prove because the software supplier writes the warranty to limit liability

9

Software Development Methodology

• Standard work process that enables controlled progress while developing high-quality software

• Use of an effective methodology protects software manufacturers from legal liability

• Reduces the number of software errors

• If an organization follows widely accepted development methods, negligence on its part is harder to prove

• Quality assurance (QA): Methods within the development cycle designed to guarantee reliable operation of a product

10

Figure 7.2 - The Cost of Removing Software Defects

11

Source Line: Used with permission from LKP Consulting Group

Dynamic Testing

• Dynamic testing: Entering test data and comparing the results with the expected results in a process

• Black-box testing: Viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown

• If the unit demonstrates the expected behaviors for all the input data in the test suite, it passes the test

• White-box testing: Treats the software unit as a device that has expected input and output behaviors but whose internal workings are known

12
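The difference between the two views of a unit is easiest to see on a small example. The block below is an added illustration, not code from the slides or the textbook: the unit under test (`classify_temperature`), its thresholds and the test cases are all constructed. The black-box suite knows only inputs and expected outputs and applies the slide's pass rule (every case must pass). The white-box check runs the same suite while recording, with the standard library's `sys.settrace` and `dis.findlinestarts`, which lines of the unit's body were actually executed, which exposes a branch the black-box suite never reaches.

```python
"""Black-box versus white-box dynamic testing of one constructed unit.
Added example; the unit, its thresholds and the suites are assumptions."""
import dis
import sys


def classify_temperature(celsius):
    """Unit under test (constructed): map a reading to an alarm level."""
    if celsius < 0:
        return "freeze"
    if celsius > 80:
        return "overheat"
    if celsius > 60:
        return "warn"
    return "normal"


# Constructed black-box suite: (input, expected output) pairs only.
BLACK_BOX_SUITE = [
    (-5, "freeze"),
    (20, "normal"),
    (95, "overheat"),
]

# The same suite with the one case the black-box suite above lacks.
FULL_SUITE = BLACK_BOX_SUITE + [(70, "warn")]


def run_black_box(unit, suite):
    """Dynamic test: feed each input, compare actual to expected output.
    Returns a list of (input, expected, actual, passed) tuples."""
    results = []
    for value, expected in suite:
        actual = unit(value)
        results.append((value, expected, actual, actual == expected))
    return results


def unit_passes(results):
    """The slide's rule: the unit passes only if every case passes."""
    return all(passed for _, _, _, passed in results)


def run_white_box(unit, suite):
    """White-box view: run the suite while recording which source lines of
    the unit executed. Returns (executed_lines, unexecuted_lines)."""
    code = unit.__code__
    # Every line that has bytecode, except the `def` line itself.
    all_lines = {
        line for _, line in dis.findlinestarts(code)
        if line is not None and line != code.co_firstlineno
    }
    executed = set()

    def tracer(frame, event, arg):
        if frame.f_code is code and event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        for value, _ in suite:
            unit(value)
    finally:
        sys.settrace(previous)
    return sorted(executed), sorted(all_lines - executed)


if __name__ == "__main__":
    results = run_black_box(classify_temperature, BLACK_BOX_SUITE)
    print("black-box verdict:", "pass" if unit_passes(results) else "fail")
    _, missed = run_white_box(classify_temperature, BLACK_BOX_SUITE)
    print("lines the black-box suite never executed:", missed)
    _, missed_full = run_white_box(classify_temperature, FULL_SUITE)
    print("lines the full suite never executed:", missed_full)
```

The black-box suite passes, yet the white-box trace shows that the line returning `"warn"` was never executed, so a defect on that path would ship undetected. Adding the `(70, "warn")` case closes the gap; this is the practical reason a tester with access to the internals can build a stronger suite than one who treats the unit as a sealed device.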

Types of Software Testing

• Static testing

• Integration testing

• System testing

• User acceptance testing

13

Capability Maturity Model Integration (CMMI)

• Process-improvement approach that defines the essential elements of effective processes

• Identifies the issues that are most critical to software quality and process improvement

• Enables an organization to track, evaluate, and demonstrate its progress

14

Table 7.1 - Definition of CMMI Maturity Levels

15

Source Line: Used with permission from Carnegie Mellon University

Safety-Critical Systems

• Systems whose failure may cause injury or death

• Safe operation relies on the flawless performance of software

• Key assumption: Safety will not automatically result from following the organization’s standard development methodology

• Tasks require additional steps, more thorough documentation, and vigilant checking and rechecking

16

Safety-Critical Systems

• System safety engineer: Uses a logging and monitoring system to track hazards from a project’s start to its finish

• Hazard log: Used to assess how detected hazards have been accounted for

• When designing, building, and operating a safety-critical system, a formal risk analysis is to be conducted

• Redundancy: Provision of multiple interchangeable components to perform a single function in order to cope with failures and errors

17

Safety-Critical Systems

• N-version programming: Approach to minimizing the impact of software errors by independently implementing the same set of user requirements N times

• Multiple software versions are unlikely to fail at the same time under the same conditions

• Consequences of failure can be mitigated by devising emergency procedures and evacuation plans

18
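Redundancy and N-version programming (the two preceding slides) only pay off if something decides which of the interchangeable components to believe. The block below is an added example, not code from the slides or the textbook: a majority voter that runs N independently written versions of one constructed requirement (scale a 12-bit sensor count to tenths of a degree Celsius), masks a single wrong version, treats a crashed version as a lost vote, and refuses to return a value when no majority exists. The three versions, the defect planted in `version_c` and the sample counts are all assumptions made for the illustration.

```python
"""Majority voting over N versions of one requirement, with crash tolerance.
Added example; requirement, versions, injected defect and inputs are constructed."""
from collections import Counter

# Constructed requirement: map a 12-bit count (0..4095) linearly onto
# -50.0 .. +150.0 degrees C and return the result in tenths of a degree.


def version_a(raw):
    # Integer arithmetic throughout.
    return raw * 2000 // 4095 - 500


def version_b(raw):
    # Floating-point route with an explicit range check (raises on bad input).
    if not 0 <= raw <= 4095:
        raise ValueError("count out of 12-bit range")
    return int(raw * 2000 / 4095) - 500


def version_c(raw):
    # Planted defect (constructed): divides by 4096 instead of 4095, so it
    # drifts low near the top of the range.
    return raw * 2000 // 4096 - 500


def majority_vote(versions, raw, quorum=None):
    """Run every version on the same input and accept the output that a
    majority agrees on. A version that raises casts no vote. Returns
    (value, votes, dissenting_names); raises RuntimeError when no majority
    exists, so the caller fails safe rather than silently trusting one result."""
    outputs = {}
    dissenting = []
    for version in versions:
        try:
            outputs[version.__name__] = version(raw)
        except Exception:            # crashed component: counted as dissent
            dissenting.append(version.__name__)
    needed = quorum if quorum is not None else len(versions) // 2 + 1
    if not outputs:
        raise RuntimeError(f"all versions failed on input {raw}")
    value, votes = Counter(outputs.values()).most_common(1)[0]
    if votes < needed:
        raise RuntimeError(f"no majority for input {raw}: {outputs}")
    dissenting += [name for name, out in outputs.items() if out != value]
    return value, votes, sorted(dissenting)


VERSIONS = [version_a, version_b, version_c]


def safe_reading(raw, versions=VERSIONS):
    """Voter wrapped for a control loop: the agreed value, or None when the
    redundant versions could not reach a majority."""
    try:
        return majority_vote(versions, raw)[0]
    except RuntimeError:
        return None


if __name__ == "__main__":
    for count in (0, 2047, 4095, 5000):   # constructed sample inputs
        try:
            print(count, majority_vote(VERSIONS, count))
        except RuntimeError as err:
            print(count, "REJECTED:", err)
```

At count 4095 the planted defect makes `version_c` return 1499 while the other two return 1500; the voter returns 1500 and names `version_c` as dissenting, which is exactly the kind of disagreement a hazard log should record. At count 5000, an input outside the sensor's range, `version_b` raises and the two survivors disagree, so there is no majority and `safe_reading` returns `None` instead of a guess. The voter is itself a single point of failure, which is why it is kept deliberately small.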

Reliability and Safety in Safety-Critical Systems

• Reliability: Measure of the rate of failure in a system that would render it unusable over its expected lifetime; capability of the system to continue to perform

• Safety: Ability of the system to perform in a safe manner

• System-human interface: One of the most important and difficult areas of safety-critical system design

• Design of the system should not allow for erroneous judgment on the part of the operator

19

Quality Management Standards

• ISO 9001 family of standards: Guide to quality products, services, and management

• Organization must submit to an examination by an external assessor to obtain the certificate

• Failure mode and effects analysis (FMEA): Used to develop ISO 9001-compliant quality systems by evaluating reliability and determining the effects of system and equipment failures

• Failure mode: Describes how a product or process could fail to perform the desired functions described by the customer

20

Steps to Identify the Highest-Priority Actions

• Determine the severity rating

• Determine the occurrence rating

• Determine the criticality

• Determine the detection rating

• Calculate the risk priority rating

21
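The steps above become concrete once they are applied to a list of failure modes. The block below is an added example, not code from the slides or the textbook. It uses the customary 1 to 10 FMEA scales and takes criticality as severity × occurrence and the risk priority number (RPN) as severity × occurrence × detection; the slide names the steps but not the formulas, so those are stated assumptions, as is the rule that an item needs action when its RPN crosses a threshold or its severity is in the top band regardless of RPN. The failure modes for a process-control application and their ratings are constructed sample data.

```python
"""FMEA prioritization: severity, occurrence, criticality, detection, RPN.
Added example; formulas, thresholds and sample failure modes are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FailureMode:
    name: str
    severity: int    # 1 = no noticeable effect .. 10 = hazardous without warning
    occurrence: int  # 1 = remote .. 10 = almost certain
    detection: int   # 1 = certain to be caught before release .. 10 = undetectable

    def __post_init__(self):
        for label in ("severity", "occurrence", "detection"):
            value = getattr(self, label)
            if not 1 <= value <= 10:
                raise ValueError(f"{label} must be 1..10, got {value}")


@dataclass(frozen=True)
class Assessment:
    mode: FailureMode
    criticality: int
    rpn: int
    action_required: bool


def criticality(mode):
    """Step 3 (assumed formula): severity x occurrence."""
    return mode.severity * mode.occurrence


def rpn(mode):
    """Step 5 (assumed formula): severity x occurrence x detection."""
    return criticality(mode) * mode.detection


def prioritize(modes, rpn_threshold=100, severity_floor=9):
    """Assess every failure mode and return the list ordered so that the
    highest-priority action comes first (RPN, then severity, then criticality).
    Action is required above the RPN threshold or at top-band severity, the
    latter so a rare but hazardous failure is never buried by a low RPN."""
    assessments = []
    for mode in modes:
        score = rpn(mode)
        required = score >= rpn_threshold or mode.severity >= severity_floor
        assessments.append(Assessment(mode, criticality(mode), score, required))
    return sorted(
        assessments,
        key=lambda a: (a.rpn, a.mode.severity, a.criticality),
        reverse=True,
    )


# Constructed sample failure modes for a process-control application.
SAMPLE_MODES = [
    FailureMode("Valve command issued from a stale sensor reading", 9, 2, 5),
    FailureMode("Operator alarm suppressed after acknowledgment timeout", 7, 4, 3),
    FailureMode("Audit log write failure not reported", 5, 6, 9),
    FailureMode("Configuration file parsed with wrong engineering units", 8, 3, 6),
    FailureMode("Warning level shown in a misleading colour", 4, 5, 2),
]


if __name__ == "__main__":
    print(f"{'RPN':>4} {'Crit':>4} {'Act':>3}  Failure mode")
    for a in prioritize(SAMPLE_MODES):
        flag = "yes" if a.action_required else "no"
        print(f"{a.rpn:>4} {a.criticality:>4} {flag:>3}  {a.mode.name}")
```

Ranking by RPN alone would put the stale-reading valve command third; it is flagged for action anyway because its severity is 9, while the two highest-RPN items earn their place through poor detectability and frequent occurrence. Keeping the severity rule separate from the RPN threshold is what stops a safety-critical failure mode from being deprioritized because it is rare.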

Summary

• Demand for high-quality software is increasing

• Developers are under extreme pressure to reduce the time to market of products

• Software product liability claims are frequently based on strict liability, negligence, breach of warranty, or misrepresentation

22

Summary

• Software development methodology: Defines activities in the development process, defines individual and group responsibilities, recommends specific techniques, and offers guidelines for managing product quality

• CMMI: Defines five levels of software development maturity

• Safety-critical system: Failure may cause injury or death

23

Summary

• ISO 9001 standard is a guide to quality products, services, and management

• Failure mode and effects analysis (FMEA) is an important technique used to develop ISO 9001-compliant quality systems

24