[SystemSafety] Koopman replies to concerns over Toyota UA case

[Matthew Squair]

As I see it the problem/opportunity to ‘game’ McCabes metric is similar to
how you can game risk assessements by picking a lower level in the system
(say at the subsystem) at which to evaluate risk. Which as each subsystem
contributes only a part of the total means that their individual risks will
be less (yes I have seen folk do this). The antidote in that case is to
consider the total risk rather than individual subsystem risks alone.

In the case of McCabe by salami slicing the function up (part/whole style
hierarchy) as Derek proposed we’re pushing the complexity up into the next
higher system level where, as McCabe doesn’t have a concept of hierarchy,
it somewhat conveniently ‘disappears’. Again the antidote is to recognize
that the complexity hasn’t gone any where though a simple budgeting
exercise. In line with other budgeting practices I’d (aspirationally) look
for who owns that higher level of system design and what the practices were
for proposing and accepting such transfers.

Touching on complexity theory, as I see it McCabe is more a measure of
local (flat) complicatedeness (which still poses difficulties) rather than
‘true’ complexity (ie hierarchy, abstraction, emergence). To make it more a
measure of complexity it should have, or be augmented by other measures) to
have, an ability to deal with hierarchy at least.

The other dimension is to consider the system from a means-end rather than
part-whole hierarchy, ‘generally’ people don’t write complicated code for
the hell of it so if the ‘means’ has a high metric, chances are if we look
back up at the ‘end’ required it’s going to be the driver and there may be
an opportunity to refactor the requirements.

Apologies for the scattergun of the above, on a short layover in NZ.

Regards,

On 1 January 2018 at 2:32:54 am, Derek M Jones (derek at knosof.co.uk) wrote:

> Steve,
>
> Are you saying that there should be NO constraints whatsoever on the code
> a developer writes? Are you willing to accept the following because I have
>
>
> I'm saying that people should stop demonizing an easily gamed metric.
> It increases the pressure on people at the sharp end to commit
> account fraud.
>
> --
> Derek M. Jones Software analysis
> tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20171231/bd8a36c1/attachment.html>