Who’s Afraid of Software?Posted: January 19, 2012
Who’s afraid of software? I mean viscerally, stomach-knotting afraid. Afraid like you might be when you come across a snake or a bear, or when you are mugged. Do you obsess about a phishing attack each time you open your email? Do you worry there’s an eavesdropper when you join the open wifi access point in a coffee shop? Do you worry your software will fail in your modern automobile or aircraft?
I listened to a Freakonomics podcast about risk, uncertainty, and beliefs. One point made during the show was that our fears are shaped by evolution—to our ancestors, it made sense to be afraid of threatening animals. In modern life, however, our fears don’t match risks—we’d be much better off being afraid of cheeseburgers, as pointed out in the show. Some people are afraid of modern risks. I know people afraid of cancer, for example.
That got me thinking about fearing software. Software is certainly among the most complex artifacts created by humans. Modern cars contain 100+ million lines of code. Nearly every day there is a story about a large corporation being hacked and of cyber-warfare between nations.
My question is serious—I really do wonder if people are genuinely afraid of software. I work in the area of software assurance, and while I take precautions against viruses, phishing attacks, etc., I don’t particularly worry about software failures, even when my life might depend on it. This is despite issues just last year like this and this in automotive software. I get to see a somewhat how the sausage is made, and in general, we only exercise a small fraction of the state-space of deployed software in validation and in actual usage. There are legitimate risks, but there seems to be very little fear.
Perhaps like a medical doctors stereotypically neglecting their own health, I don’t worry day-to-day about software assurance despite working in the field. But it seems nobody else really fears software, either.
In the podcast, the topic of polarizing claims, like global warming, is discussed. Outside of academic circles, one’s view on the risks of software are not so polarizing—your views on the topic won’t cause your friends or colleagues to disparage you (indeed, if anything, the main risk is likely boring others in discussing the topic!). I wonder just what the “global warming” of software might be in the future.