Secure Coding mailing list archives
"Checklist Manifesto" applicability to software security
From: gem at cigital.com (Gary McGraw)
Date: Thu, 7 Jan 2010 15:17:20 -0500
hi sc-l,

I am pretty sure that Brian Chess used to have this in his standard talk some many years ago. Then again I am getting old.

Great analogy. Note that checklists DO NOT take the place of the intensive care staff!

gem

On 1/7/10 10:11 AM, "Jeremy Epstein" <jeremy.j.epstein at gmail.com> wrote:

Greetings,

I was listening yesterday to an interview [1] on NPR with Dr. Atul Gawande, author of "Checklist Manifesto" [2]. He describes the problem that medical procedures (e.g., surgery) tend to have lots of mistakes, mostly caused because of leaving out important steps. He claims that 2/3 of medical - or maybe surgical - errors can be avoided by use of checklists. Checklists aren't very popular among doctors, because they don't like to see themselves as factory workers following a procedure, because the human body is extremely complex, and because every patient is unique.

So as I was listening, I was thinking that many of the same things could be said about software developers and problems with software security - every piece of software is unique, any non-trivial piece of software is amazingly complex, developers tend to consider themselves as artists creating unique works, etc.

Has anyone looked into the parallelisms before? If so, I'd be interested in chatting (probably offlist) about your thoughts.

--Jeremy

[1] Listen to the interview at http://wamu.org/programs/dr/10/01/06.php#29280
[2] "The Checklist Manifesto: How to Get Things Right", Atul Gawande, Metropolitan Books.