The two sorts of (programmer) certification

March 24, 2008

When you're talking about certifying people, there are really two sorts of certification; certification of people, and certification of people and procedures. In yesterday's entry I was implicitly talking about the latter sort of certification, so today I'm going to explain why.

First, one of the usual stated goals of programmer certification is to move to an environment where software is more reliable and secure, like the work that engineers produce.

At the best, certification of people is a stamp of approval that you've learned the necessary knowledge for your field, that you know how to write programs properly. But only part of the problem is due to ignorance, and even with everyone perfectly educated the economic pressures against reliable and secure software will still be there; such software will still cost more to build without making companies any more money. Merely educating people on how to build reliable and secure software doesn't do anything to make sure that they will actually build software that way.

(At the worst, certification of people is nothing more than a tax or a guild.)

Certification of people and procedures together means that not only do you know what to do, you have some sort of legal liability if you don't follow the approved procedures for doing things. It is not enough to know how to design bridges or write programs properly; you must design your bridges or write your programs according to certain standards, or you are liable if they fall down. (The certification of people is more or less to attest that they're competent to follow the proper procedures, so that their work doesn't have to be checked all the time.)

If you want to genuinely change people's behavior, to really get them to create reliable and secure software, you must give them no choice about it. This means you need people plus procedures certification with its accompanying legal liability for people who do not conform.

(As a practical matter you need some sort of liability shield; making people personally liable for bad programs no matter what they did would be a great way to encourage programmers to take up another career.)

Written on 24 March 2008.
« Why software engineering certification may not work out the way people want
The easy way to keep a week's worth of something »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Mon Mar 24 22:14:09 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.