
Communications of the ACM

Inside risks

Optimistic Optimization


Many people continue to ignore the long-term implications of decisions made for short-term gains, often based on overly optimistic or fallacious assumptions. In principle, greater benefits can result from farsighted vision based on realistic assumptions. For example, serious environmental effects (including global warming, water and air pollution, and adverse genetic engineering) are largely ignored in pursuit of short-term profits. However, conservation and environmental protection appear much more relevant when considered in the context of long-term costs and benefits. Governments are besieged by intense shortsighted lobbying by special interests, while research funding has increasingly focused on short-term returns, to the detriment of the future.

Computer system development is a particularly frustrating example. Most system developers are unable or unwilling to confront life-cycle issues, although it is clear to many of us that up-front investments can yield enormous benefits later in the life cycle. In particular, defining requirements carefully and wisely at the beginning of a development effort can greatly enhance the entire subsequent life cycle and reduce its costs. This process should ideally anticipate all essential requirements explicitly, including (for example) security, reliability, scalability, and relevant application-specific needs such as enterprise survivability, evolvability, maintainability, usability, and interoperability. Many such requirements are typically extremely difficult to add once system development is far advanced. Furthermore, requirements tend to change; thus, system architectures and interfaces should be relatively flaw-free and inherently adaptable without introducing further flaws. Insisting on principled software engineering (such as modular abstraction, encapsulation, and type safety), sensible use of sound programming languages, and use of appropriate support tools can significantly reduce the frequency of software bugs. All of these up-front investments can also reduce the subsequent costs of debugging, integration, system administration, and long-term evolution—if sensibly invoked.

The value of up-front efforts is a decades-old concept. However, it is widely ignored or done badly, for a variety of reasons: short-term profitability; rush to market; lack of commitment to quality; lack of liability concerns; the ability to shift late life-cycle costs to customers; inadequate education, experience, and training; and unwillingness to pursue anything other than seemingly easy answers.

Overly optimistic development plans that ignore these issues tend to win out over more realistic plans, but can lead to difficulties later on—for developers, system users, and even innocent bystanders. The annals of the Risks Forum are littered with systems that did not work properly and people who did not perform according to the assumptions embedded in the development and operational life cycles. (An example is seen in the current rush to low-integrity paperless electronic voting systems with essentially no operational accountability.) As we have noted here before, the lessons of the Risks archives are widely ignored. Instead, we have a caveat emptor culture, with developers and vendors disclaiming all warranties and liability.

There are many would-be solutions that result in part from shortsighted approaches. Firewalls, virus checkers, and spam filters all have some benefits, but also some problems. Firewalls could be more effective if they did not pass all sorts of executable content, such as ActiveX and JavaScript—but many users want those features enabled. (To date, viruses and worms have been rather benign, considering the full potential of really malicious code.) However, active content and malware would be much less harmful in a well-architected environment that could sandbox executable content. Spammers adapt rapidly to whatever defenses they encounter; legislation seems too simplistic to make real inroads against them, and may simply drive them offshore.
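The firewall point above is a policy choice: pass executable content because users want it, or treat it as untrusted unless an explicit decision says otherwise. The following is an added example, not code from this column or from any product it mentions; it contrasts the optimistic "pass everything" rule with a default-deny rule that confines unallowlisted active content to a sandbox. The MIME types, the markers used to recognise active content, the "sandbox" outcome, and the sample responses are all assumptions constructed for illustration.

```python
"""Added example: an optimistic gate versus a default-deny gate for active content.

Not code from the column. ACTIVE_MIME, ACTIVE_MARKERS, the 'sandbox' verdict
and SAMPLE_RESPONSES are assumptions constructed for this illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# MIME types that deliver executable content directly (assumed list).
ACTIVE_MIME = {
    "application/javascript",
    "text/javascript",
    "application/x-msdownload",   # native executables served over HTTP
    "application/x-oleobject",    # ActiveX controls
}

# Coarse markers of active content embedded in an otherwise passive document.
# These are heuristics for the example, not a complete detector.
ACTIVE_MARKERS = [
    re.compile(r"<script\b", re.I),
    re.compile(r"<object\b[^>]*classid=", re.I),          # ActiveX instantiation
    re.compile(r"\bjavascript:", re.I),                    # script URLs
    re.compile(r"\bon(load|click|error|mouseover|submit)\s*=", re.I),  # inline handlers
]


@dataclass(frozen=True)
class Response:
    url: str
    content_type: str
    body: str


def is_active(resp):
    """True if the response carries executable content by MIME type or by markup."""
    mime = resp.content_type.split(";")[0].strip().lower()
    if mime in ACTIVE_MIME:
        return True
    return any(p.search(resp.body) for p in ACTIVE_MARKERS)


def optimistic_policy(resp, allowlist=frozenset()):
    """The 'pass everything' rule: executable content is forwarded unchanged."""
    return "pass"


def default_deny_policy(resp, allowlist=frozenset()):
    """Passive content passes; active content passes only from allowlisted hosts,
    and is otherwise confined to a sandbox rather than delivered to the user."""
    if not is_active(resp):
        return "pass"
    host = (urlsplit(resp.url).hostname or "").lower()
    if host in allowlist:
        return "pass"
    return "sandbox"


# Constructed sample traffic for the example (not captured data).
SAMPLE_RESPONSES = [
    Response("http://intranet.example/report.html", "text/html",
             "<html><body><h1>Q2 report</h1><p>All figures final.</p></body></html>"),
    Response("http://ads.example/track.js", "application/javascript",
             "document.cookie='seen=1';"),
    Response("http://news.example/story.html", "text/html",
             '<p>Story</p><object classid="clsid:0000-0000"></object>'),
    Response("http://partner.example/app.html", "text/html",
             "<script>init()</script>"),
]


def evaluate(policy, allowlist=frozenset()):
    """Apply one policy to every sample response; returns url -> verdict."""
    return {r.url: policy(r, allowlist) for r in SAMPLE_RESPONSES}


if __name__ == "__main__":
    for name, policy in (("optimistic", optimistic_policy),
                         ("default-deny", default_deny_policy)):
        print(name)
        for url, verdict in evaluate(policy, frozenset({"partner.example"})).items():
            print(f"  {verdict:8} {url}")
```

Under the optimistic rule every response is forwarded, including the tracking script and the ActiveX object. Under the default-deny rule only the passive report and the explicitly allowlisted partner page pass; the rest are sandboxed. The allowlist is the decision the column asks for up front, made once in the architecture rather than left to each user's preference.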

We need better incentives to optimize in larger contexts and for the long term, with realistic assumptions and appropriate architectural flexibility to adapt to changing requirements. Achieving this will require many changes in our research and development agendas, our software and system development cultures, our educational programs, our laws, our economy, our commitment, and perhaps most important—in obtaining well-documented success stories to show the way for others. Particularly in critical applications, if it's not worth doing right, perhaps it's not worth doing at all. But as David Parnas has said, let's not just preach motherhood; let's teach people how to be good mothers.


Author

Peter Neumann moderates the ACM Risks Forum (www.risks.org).


©2004 ACM  0002-0782/04/0600  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.