[SC-L] "Checklist Manifesto" applicability to software security
Brian Chess
brian at fortify.com
Thu Jan 7 10:49:33 EST 2010
I think it's a great analogy. If you'd like to read more without ordering
the book, here's an article Gawande wrote for the New Yorker in 2007:
http://www.newyorker.com/reporting/2007/12/10/071210fa_fact_gawande
Brian
On 1/7/10 7:11 AM, "Jeremy Epstein" <jeremy.j.epstein at gmail.com> wrote:
> Greetings,
>
> I was listening yesterday to an interview [1] on NPR with Dr. Atul
> Gawande, author of "Checklist Manifesto" [2]. He describes the
> problem that medical procedures (e.g., surgery) tend to have lots of
> mistakes, mostly caused because of leaving out important steps. He
> claims that 2/3 of medical - or maybe surgical - errors can be avoided
> by use of checklists. Checklists aren't very popular among doctors,
> because they don't like to see themselves as factory workers following
> a procedure, because the human body is extremely complex, and because
> every patient is unique.
>
> So as I was listening, I was thinking that many of the same things
> could be said about software developers and problems with software
> security - every piece of software is unique, any non-trivial piece of
> software is amazingly complex, developers tend to consider themselves
> as artists creating unique works, etc.
>
> Has anyone looked into the parallelisms before? If so, I'd be
> interested in chatting (probably offlist) about your thoughts.
>
> --Jeremy
>
> [1] Listen to the interview at http://wamu.org/programs/dr/10/01/06.php#29280
> [2] "The Checklist Manifesto: How to Get Things Right", Atul Gawande,
> Metropolitan Books.
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________