Blog Closed

This blog has moved to Github. This page will not be updated and is not open for comments. Please go to the new site for updated content.

Wednesday, May 13, 2009

Software Engineering Licenses

Ovid wrote a very interesting blog piece about the idea of software engineering being subjected to consumer protection laws in Europe. He is seemingly in the minority by supporting this idea. I was writing a comment to agree with him, but as the comment got longer and longer I decided it would be better served as a complete blog post.

In the USA there is a licensing for engineers called "Professional Engineer", or "PE". The idea isn't specific to the USA, but that is the only version that I am familiar with. Getting a PE license requires an apprenticeship under an existing PE and a strenuous and comprehensive exam (actually two exams, one to qualify before the apprenticeship and one afterward). Once you have it you are able to do certain jobs that you legally could not do otherwise. For instance, almost all Civil engineers must have a PE because public infrastructure work almost always requires it. Most Mechanical engineers get it as well, at least that I am aware of. For electrical engineers the number is smaller, typically only people who work on public power or transportion systems get it. I know that when I was in school for EE and looking to pursue PE licensing for myself, it was very difficult for me to find potential mentors to apprentice under, and it was even harder for me to justify the effort considering I wasn't going to be in a field that required it. However, that's not to say that it's impossible to get a PE in EE, and there are plenty of other per-project certification schemes such as Intrinsic Safety that EEs need to follow (I know we spend a lot of effort at work pursuing IS certifications for our products, and it's far more strenuous of process then any regression testing of software that I've ever experienced). In software engineering, which is where I am now, it's almost impossible to get PE even if you needed it (there are basically no PEs in software engineering to apprentice under), and I'm not really aware of any certifications for having software approved as being "safe" in the legal sense.

PE specifies a few things: First, you must demonstrate a level of competency in your work. Second, you are only approved to do licensed work in your area of expertise. A Civil PE cannot do mechanical or electrical work that requires a PE, for instance. Third, there is legal responsibility. Plans and projects need to be approved by a PE before they can be implemented, and the PE is responsible for the outcome. The PE license also specifies who can be licensed: You must have at least a bachelors degree from an accredited institution, you must pass a qualification exam, you must apprentice under a licensed PE, and then you must pass a comprehensive final exam. And the accreditation, as I will tell you, can be quite strenuous. The bozo schools get weeded out by accreditation agencies before they can graduate bozo engineers. If you picked up a degree from John's Basement University, I'm sorry but you don't get to design bridges (at least not ones that people drive on).

There's a difference between consumer software and infrastructure software. If your software can have a negative impact on a person's health or well-being, and it fails, there should be some resource and some place to lay legal responsibility. We don't want Joe Schmoe with a AS in Information Technology writing the software to control your antilock breaks. We don't want a former Mechanical or Electrical engineer who decided to "switch to software" coding the safety fallbacks for a nuclear power plant. We don't want people who aren't properly licensed writing the autopilot software on a plane or the failsafe software on a missle, or the routing software of the electrical grid. We want people who are properly trained, competent, and accountable to be writing all these things. I've seen enough shitty code written by "software engineers" already, people who don't even specialize in it can't be expected to do any better (although some certainly can do it very well indeed).

If a bridge collapses or if a power line lands on a playground, you can be damn sure an engineer somewhere will be held responsible for that. And knowing that their asses are on the line will prompt these people to be more careful, more conservative, and more circumspective before signing off on a shoddy design. Why should it be any different for safety-critical software? Why shouldn't software engineers in safety-critical industries be held accountable for their own bad designs and bad, uninformed decisions? Why wouldn't we as an industry want to cover our own asses like that?

On the flip side, if there is a legal requirement that critical software be approved by a licensed software engineer, suddenly those engineers have more power over deployment: software doesn't get shipped unless it is properly approved, and no amount of business politics will force a deployment before that. Good developers with proper licenses will be able to earn more money for their work too, because they become a legal necessity
. And there will be more job security for these people as companies won't be able to replace good licensed developers with new graduates, and won't be able to outsource all their coding needs to the bottom bidders around the world. It's both amazing and depressing the kinds of people who are allowed to write critical software in this world, and more often the costs of software development right now are treated as overwhelmingly more important then the long term costs in terms of money or public safety. We can see this same principal at work in all sorts of other industries too (Think about the banking industry where the pursuit of short-term gains brought the whole world into recession). Do we want to allow that kind of process creating the software that we all rely on?

I think that requiring software engineers to be licensed in some cases and to hold them accountable for their work will be a good thing overall. Require that important software only gets written by good software writers. Require that decisions about deployment of important software get made by the engineers, not the marketing department. Require that important software not be an exercise in "failure probability", and give people guarantees that things that are supposed to just work do, in fact, just work. It's time that software engineering graduate from a field of amateurs and non-accountable dabblers and become a field of precision, science, and results.

1 comment:

Note: Only a member of this blog may post a comment.