[SystemSafety] The evidence base

Olwen Morgan olwen at phaedsys.com
Thu Oct 25 16:10:03 CEST 2018 

Little did I suspect that tossing in a featherweight contribution about 
cppcheck would lead to such serious discussions.

The problem of evidence for claimed good practice is important, so I'm 
here starting a new thread to focus on that issue.

In my experience, I've only once come across a software process 
sufficiently well controlled to give one confidence that 
measurement-based studies would produce repeatable, let alone 
reproducible, results. Most software processes I've seen are like the 
proverbial curate's egg - good in parts. IMO, therefore, it is nigh 
impossible to get hard evidence of the effectiveness of good practice 
unless the whole process is based on good practice. A clincher study 
would be if you were to examine a CMM top-level process before and after 
a good practice had been dropped. That way you could assess the effects 
of individual good practices separately, free from the noise that 
curate's-egg processes inevitably throw up. Naturally such an experiment 
would be costly and it is hard to see who would have the incentive to 
fund it.

I wondered if it might be possible to have something similar to a 
Cochrane collaboration for software process studies. For all I know 
there might be one? (Enlightenment please?). On the other hand, I 
strongly suspect that the difficulty of getting studies properly 
controlled in the first place would be a show-stopper.

IMO there is need for a debate to focus on the issue of quality of 
evidence and how we get good evidence. I have my differences with Derek 
J but on the question of evidence, I think he's right on metrological 
grounds (which may not be the grounds he thinks he has).

To my mind, the difficulty of setting up proper studies is similar to 
that faced by economists. They, like us, can only rarely do 
well-controlled experiments. Much of their work takes the form of 
post-facto analysis of data and is not controlled in the same way that 
experiments in the physical or life sciences can and usually have to be.

The question of whether using a certain practice saves money and effort 
is, I think, a different one but no less worth discussion for that. 
Room, perhaps for a code quality thread?


Olwen

More information about the systemsafety mailing list