Cisco's voice over IP products are vulnerable to attack due to programming error. Hardly news these days, but this familiar state of affairs disguises the seriousness of the situation.
Software engineering is hard to do well. As in all human endeavours, mistakes can get in at any stage from earliest concept to final product, and the real world rarely proves as benign as the laboratory. That's no excuse for shoddy software, though: with appropriate methodologies and management, software can be reliably written and rigorously tested to a high standard. That we do not expect this is a sign that our expectations have been carefully managed by companies who have found a strong marketing message to be an effective and cheap substitute for proper engineering.
This is no longer acceptable. VoIP telephony is a very good case in point: it is cheaper and much more amenable to new services and integration than circuit-switched telephony, and those strengths have given it an unanswerable advantage in the market. It will displace all other telephony at all levels, if not in five years then in ten. But that advantage has been bought, to some extent, at the price of reliability.
Even if Cisco did not foresee today's problem during design and implementation, there are types of testing that would have revealed it prior to launch. Those tests were not done, or were not done properly; the product came to market cheaper and sooner as a result.
If we do not want our future communications to be built out of components that have been selected purely on such factors, we must insist on properly engineered software. Software producers have been getting a free ride on product liability, but increasingly lives will rely on the stack in the phone just as much as they do on the leak-free fuel tank or the insulation on the power lead. This can't be signed away with a licence agreement.
Bad engineering in critical applications should result in corporate pain. If companies want their products to be used in the construction of the online world, they must accept the responsibility of making them fit for the job — and the consequences of cutting corners.






Talkback
Damn right. Software should be written like Boeing build aircraft - that it absolutely must fly. With that comes expense, though, and many customers seem to choose very much on the basis of cost - and most would baulk at the cost involved.
And it doesn't help when the OS you're working on has all sorts of 'undocumented features' like some...
Consider the difference between "software engineers" and real engineers.
I'm a registered professional civil engineer. It took me 5 years to get my degree, and 5 years to earn my professional registration. In the company where I work, I am regarded as somewhat of a wunderkind because I attained that level so quickly.
Compare that to an MCSE bootcamp where you can become a "software engineer" in 6 weeks! What a crock, these wankers don't even rise to the level of a certified engineering technician.
As a professional engineer, I'm assigned a stamp with a unique number. Everything I do is signed and stamped. Thus, if I made a mistake 25 years ago that hurts somebody today, they're gonna track me down. That's not just corporate pain, that's personal liability. If you think that's scary, and it affects the way I approach my job, you'd be right. I certainly don't welcome the prospect of facing a group of grieving widows in a courtroom, but if I make a mistake of that magnitude, I deserve whatever sanctions our society chooses to hand out. How many "software engineers" are prepared to say that?
With all that said, would someone please explain to me why a real engineer will go to jail if he screws up the design of, say, an airplane rudder, but a software engineer can screw up the control system for that rudder with no personal consequences? Why do they get a Get Out of Jail Free card? Oh, I forgot, software engineering is hard.
The author brings up a vitally important subject. Most countries have very strict laws regarding professions, i.e. doctors, lawyers, "real" engineers, etc. Those aren't just jobs, they're held to a high level of responsibility and liability because of the high level of damage they can do.
As a society, we need to understand that software is no longer a high paying hobby for nerdy people who are bright, but lack the social skills to be an accountant. The work they do has such a sweeping impact, and the consequences of a mistake are so high, that it should be considered a "special category," by law.
Good luck pursuing this issue. It deserves to be discussed in the Congress and the Parliament, not just an obscure comment board on the internet.