This text refers to item.
While there is no shortage of studies into the reasons why software projects fail (Ewusi-Mensah, 1997), the major risks of software development (Jones, 1994), or even the factors affecting project success (Cooke-Davies, 2002), the field of software engineering lacks a general model with which to investigate such failures. To date, studies have tended to be surveys of the factors thought to play some part in a failure.
Several researchers have argued that a simple model of accidents is insufficient for dealing with modern technology. A causal-chain model of accidents is useful to investigate the failure of a specific component through wear and tear, or the attribution of the cause can be established through application of a "but for" test. Given the cause, similar accidents can be prevented by checking the same component for wear and tear or other flaws such as structural cracks. However, it is a less useful model when investigating accidents whose causes are ultimately not due to physical weaknesses but are due to interactions between components or the failure of the system itself.
Driven by the need to find ways to prevent future accidents, the alternative models reject the simple causal chain model on several grounds. The first is that looking back along the causal chain requires a "stopping rule" to determine when to cease investigating deeper into the system which, it is argued, can be somewhat arbitrary in the choice of cause (Leveson, 2004). The second reason is that such investigative techniques tend to focus attention on the proximate event most closely associated with the accident and direct attention away from the latent, contributory causes.
Where, in the past, it may have been sufficient to seek direct causes of an accident, modern socio-technical systems can produce accidents that are the result of the interaction of different parts of the system rather than a failure of any one part of the system. Turner & Pidgeon (1997) reviewed official investigations into non-natural disasters to arrive at a view that many disasters were man-made and entirely foreseeable. In a major contrast to causal models of accidents, the authors argued that the conditions for the disasters he investigated largely originated from decisions made by upper management.
The view that there was ample evidence of impending disaster available if only someone paid it any attention appears to be shared by investigators other than Turner. However, such hindsight bias has been criticised by several researchers, most notably Dekker (2005). Hindsight bias ignores the reality that most operational decisions are made under ambiguous circumstances based on sparse and ambiguous evidence. Instead, Dekker argues, investigators must try hard to understand the circumstances of the time and put aside knowledge of the outcome.
To reason more fully about the interaction of different parts of a socio-technical system, several researchers have proposed a system theoretic model in which the system is expressed as a hierarchy of control levels. Each level of the hierarchy is considered to act on the level below it through the imposition of constraints and directions to achieve emergent properties and to receive feedback. A more useful model for considering total risk was a "top-down, systems oriented approach based on system control theoretic concepts". This approach gave a control structure embedded in an adaptive socio-technical system. Such a model shows how different parties contribute to safety regardless of their organizational affiliations.
Jon McBride. A model for investigating software accident. In: Journal of Research and Practice in Information Technology, vol. 40, n.º 1, Feb.
In the text,
"wear and tear" is the same as loss or damage resulting from ordinary use and exposure.