Secure Coding mailing list archives
"Checklist Manifesto" applicability to software security
From: jeremy.j.epstein at gmail.com (Jeremy Epstein)
Date: Thu, 7 Jan 2010 10:11:05 -0500
Greetings, I was listening yesterday to an interview [1] on NPR with Dr. Atul Gawande, author of "Checklist Manifesto" [2]. He describes the problem that medical procedures (e.g., surgery) tend to have lots of mistakes, mostly caused because of leaving out important steps. He claims that 2/3 of medical - or maybe surgical - errors can be avoided by use of checklists. Checklists aren't very popular among doctors, because they don't like to see themselves as factory workers following a procedure, because the human body is extremely complex, and because every patient is unique. So as I was listening, I was thinking that many of the same things could be said about software developers and problems with software security - every piece of software is unique, any non-trivial piece of software is amazingly complex, developers tend to consider themselves as artists creating unique works, etc. Has anyone looked into the parallelisms before? If so, I'd be interested in chatting (probably offlist) about your thoughts. --Jeremy [1] Listen to the interview at http://wamu.org/programs/dr/10/01/06.php#29280 [2] "The Checklist Manifesto: How to Get Things Right", Atul Gawande, Metropolitan Books.
Current thread:
- "Checklist Manifesto" applicability to software security Jeremy Epstein (Jan 07)
- "Checklist Manifesto" applicability to software security Brian Chess (Jan 07)
- "Checklist Manifesto" applicability to software security Benjamin Tomhave (Jan 07)
- "Checklist Manifesto" applicability to software security John Wilander (Jan 07)
- "Checklist Manifesto" applicability to software security Andy Steingruebl (Jan 07)
- "Checklist Manifesto" applicability to software security Gary McGraw (Jan 07)