Slashdot Mirror


Can Software Kill?

mykepredko writes "Eweek has an interesting, if somewhat long, article titled Can Software Kill? The article focuses on a programming error that resulted in 28 Panamanian cancer patients receiving many times an expected lethal dose of radiation. The article briefly mentions, but doesn't go into detail, the 1991 Patriot Missile Failure that resulted in the deaths of 28 American service men and women."

16 of 562 comments

  1. Yes by paranode · · Score: 5, Insightful

    Software can kill, just like any other stupid mistake if left unchecked.

    insert open source plug here

  2. Software? no - humans, yes. by smharr4 · · Score: 4, Insightful

    Software will only kill people through bad programming.

    It is humans that make the underlying mistakes

  3. software does not kill... by dummkopf · · Score: 4, Insightful

    ... dumb programmers kill!

  4. Software cannot kill ... by maxwell+demon · · Score: 5, Insightful

    ... but it can make the hardware controlled by it kill.

    --
    The Tao of math: The numbers you can count are not the real numbers.

  5. Patriot missile -- really a "failure" by Ryu2 · · Score: 3, Insightful

    IIRC, the Patriot missile was never really designed or intended as an anti-missile missile, but an anti-aircraft (i.e., a target much lower and slower) missile. It was only pressed into service killing Scuds because there was nothing better available.

    So, wouldn't the Patriot missile failure be understandable due to it being used outside its original design? If the Patriot had been really intended and designed as a missile killer, then yes, it should have a "failure" because it didn't live up to its original spec.

    --
    There's 10 types of people in this world, those who understand binary and those who don't.

  6. Answer = NO.. by msimm · · Score: 3, Insightful

    Bad programming can, just like guns don't kill, people do. An engineer makes mathematical mistakes designing a bridge and the bridge later collapses, do bridges kill? Seems like a redundant question, mistakes we make sometimes cost people's lives, why would software be any different?

    --
    Quack, quack.

  7. Re:of course it will by Bombcar · · Score: 5, Insightful

    You see, if I'm a doctor, and I screw up and overdose you, it isn't a news item. I'll get reprimanded, maybe sued. No one will even notice if it happens many times, because each time it is a different doctor in a different circumstance.

    But if I'm a computer software engineer and have a bug in a program that gets 3 people an overdose, then it will be noticed and much howling will be done over it. Even if the total number of errors has gone down, the type of error is new and there is a common factor between all the cases. And so we will complain.

    And, I think, rightly. Computers are a tool, not to be trusted, always to be checked. I fear many people believe the computer can never be wrong (because it is so complex as to be indistinguishable from magic, and magic is never wrong) - perhaps this is why there isn't much howling about Diebold voting machines: It's digital, so it must be better!

  8. Re:EULA's by Unknown+Relic · · Score: 5, Insightful

    I'm not positive, but aren't most of these types of disclaimers saying something along the lines of "We do not give permission for this software to be used in environments where failure could result in loss of life. In the event of such unauthorized use, we will not warranty the product, nor be held accountable for any damages it may cause"? If this is the case, then I have no problem with this, as they are saying the software isn't good enough to use in such a situation, if you do so, you're on your own. Anything that's mission critical to a degree where lives depend on it, should be licensed with that in mind (which I imagine software for nuclear power plants, etc. is).

    If the organization that's being entrusted with people's lives cheaps out and uses software in environments it's not rated for, there's no way the manufacturer should be held liable. It's not different than tires on cars. If you're ripping around at 150mph on non Z-rated tires, and one blows, it's your own damned fault, not that of the manufacturer.

  9. Sure it can by aduzik · · Score: 5, Insightful

    Software is an engineered thing, just like any other tool upon which we rely. Think about airplanes, which occasionally have mechanical failures in flight. Think about Columbia, which burned up because of engineering defects. So, if the software is flawed, it will certainly cause eventual damage. Sometimes it's benign -- restarting Word isn't so big a deal -- but sometimes it's catastrophic.

    This is why I've always thought it's vitally important to have good, precise specifications in place and excellent quality assurance for any life-critical application. It's even better with many eyes overseeing every step of the process -- wait... that smacks of open source, doesn't it?

    If you ask me -- and you haven't, but I'll tell you anyway -- what would be the best way to prevent catastrophe, it would be to PREVENT CHANGES TO THE SPEC. In college, our software engineering prof. gave us an assignment, then halfway through, she changed the spec on us. Well, not surprisingly, there wasn't a single project that worked faultlessly, and many of us were doing really well before that.

    Software itself doesn't kill people. Bad software written by overworked developers writing to a constantly-changing specification with not nearly enough QA does. That is, people inadvertently -- we hope -- kill people with software. Yeah yeah, it's cliche, but it works.

    --
    If it's not one thing it's your mother.

  10. Re:Lethal Weapon by shystershep · · Score: 4, Insightful

    Software doesn't kill people; programmers kill people.

    --
    The bigotry of the nonbeliever is for me nearly as funny as the bigotry of the believer. - Albert Einstein

  11. Re:You clueless cretin. by onyxruby · · Score: 3, Insightful

    My point is more in relation to the concept that a EULA should disavow a company of all accountability. Let's look at this in other ways to help illustrate my point.

    Car manufacture. This vehicle is intended only to operate within the bounds of the law and shall be considered out of warranty if operated outside those bounds. - Not a car made would still be under warranty after a week.

    Airplane manufacture. This airplane is intended to be flown in by those who choose to accept said risk. - No defect could be held against the manufacturer.

    Pharmaceutical company. This drug is intended only to give an increased chance of success to the patient. All risk and responsibility is the patient's to accept and the manufacturer cannot be held responsible. - It wouldn't matter if the study was done by baboons instead of on baboons, the drug company would get a walk.

    It's a case of accountability, and companies' attempts to use an EULA to get out of accountability. If this precedent stands unabated we will soon have EULAs on everything from TVs to cars with no manufacturer ever able to be held accountable for defects. That's what I have problems with.

  12. Umm.... Cruise Missiles? by RockClimbingFool · · Score: 4, Insightful

    Last time I checked, we don't have a bunch of kamikaze pilots for our Tomahawk Cruise Missiles. We make software to intentionally kill people all the time.

  13. This is why I quit by willpost · · Score: 4, Insightful

    I was working for a desktop consulting company, and I was the only database developer there.

    One of my customers wanted to convert a database, and originally I thought, no problem just convert some tables and redraw some forms.

    It turns out this database was also going to store information about blood matching, transplants, and it would also calculate daily drug doses for the nurse to sign off on for kids getting marrow transplants. Success is measured in how many months the kid gets to live.

    If I was working on a team using a more robust platform I might have had more confidence to push forward. However, this is Microsoft Access and I'm the only guy who would know how this thing would work. This means it would be very easy for some kid's death to point towards me.

    So I quit.

    By the way, if anyone has work for a database developer, feel free to contact me at will_spangler@juno.com. I'm quite good with MS Access.

    1. Re:This is why I quit by YrWrstNtmr · · Score: 4, Insightful

      What you should have done is to point out the failings in their current system, i.e. Access. Point them towards a more robust solution, that will actually work for their needs. Then built it, and charged through the nose for it.

      As it is, you left the thing to be built by someone else. On an insecure system. Possibly with worse skills than you.

      Sometimes the developer has to push back against management's wishes. You might have won, but at worst, you'd be no worse off than you are now.

  14. Many modern warfare weapons use software by Kegetys · · Score: 4, Insightful

    If that Patriot missile failure counts as a "software kill" then surely software does kill; Look at the amount of people killed in Iraq for example by different types of bombs and cruise missiles that are guided (and detonated) by software.

  15. Medical software by drmike0099 · · Score: 3, Insightful

    Most people in the comments are focusing on actual bugs and crashes in a system causing deaths. While that could certainly happen, those types of errors are more visible and actually a much "better" error to have than some other types. If the system crashes, it may have some immediate effects depending on its purpose, but if it's something that causes its action through an actual user, they are generally harmless, though very annoying. An example of the difference is that if the software designed to run a ventilator has a bug that causes it to crash, since it is directly providing life to a person, when it crashes someone will probably die. On the other hand, systems designed to give information to a clinician, who can then act upon it are going to be very aware when that system is down, and so much less likely to make an error based on that outage.

    The more insidious "errors" if you want to call them that are ones that are errors of design and process, and not execution. If a piece of software is designed with certain assumptions in mind, and something happens outside of the parameters of those assumptions, the software will appear to be working correctly when in fact there may be egregious errors. There are a lot of instances of this in everyday practice.

    Lastly, what we run across is that clinicians are used to a world of paper, where everything is obviously either there or not. You know that there's a problem, and there is transparency to the error, so you can factor that into your decision-making. In a clinical system, the transparency is not there, and a subtle flaw can mislead someone making a clinical decision into making a poor one.

    Of course, the above are all gross generalities, as is any discussion of errors in complex systems, but I hope you get the idea.