Zero Harm from Applications?
The construction site in Clerkenwell of the Goldsmiths' Centre for The Goldsmiths' Company has many banners draped around its perimeter including this one about zero harm:
So, not only are they stating compliance with the Considerate Constructors Scheme, but there is a commitment to "zero harm" during development:
- zero deaths
- zero injuries to the public
- zero ruined lives among all our people.
Well, you can't complain about the objectives. The details of the zero harm vision include a target metric: "an absolute ceiling on an Accident Frequency Rate (AFR) of 0.1 by end 2012". It's a pity that all of us in software development can't have similar principles; I'm not even aware of any software trade organisations with anything like this. SAFECode is perhaps the closest thing. Nothing concrete from .UK. How about zero vulnerabilities, zero data loss and zero malware transferred to users? Surely that's easier to do than preventing deaths, injuries and ruined lives?
Perhaps not. The upcoming OWASP Summit 2011 in Portugal will be working on why we still have so many security problems in so many applications, what has been accomplished, what has & hasn't worked, what we have been doing right, what we have been doing wrong, and how to make OWASP more effective. These people have already confirmed their attendance.
Apart from contributing in the OWASP Global Industry Committee sessions, I'm hoping to widen the debate about the impacts of security defects, to the impacts on people (in addition to organisations) by thinking more about aspects such as privacy and human safety. By putting information assurance more in the context of business concerns, I hope to spread application security awareness and help governments, companies and other organisations understand the risks and methods to improve.
If you have something to contribute, please do come to the summit. Also, if you can, sponsor the summit to help pay for some others to attend. Everyone is free to participate in OWASP and all of its materials are available under a free and open software licence.
Let's have an "Improving the Image of Software Development" initiative.
Posted on: 11 January 2011 at 08:30 hrs
