
Software vulnerability due to practical drift

  • Original Paper
Ethics and Information Technology

Abstract

The proliferation of information and communication technologies (ICTs) into all aspects of life poses unique ethical challenges as our modern societies become increasingly dependent on the flawless operation of these technologies. As we increasingly entrust our privacy, our well-being and our lives to an ever greater number of computers we need to look more closely at the risks and ethical implications of these developments. By emphasising the vulnerability of software and the practice of professional software developers, we want to make clear the ethical aspects of producing potentially flawed software. This paper outlines some of the vulnerabilities associated with software systems and identifies a number of social and organisational factors affecting software developers and contributing to these vulnerabilities. Scott A. Snook’s theory of practical drift is used as the basis for our analysis. We show that this theory, originally developed to explain the failure of a military organisation, can be used to understand how professional software developers “drift away” from procedures and processes designed to ensure quality and prevent software vulnerability. Based on interviews with software developers in two Norwegian companies we identify two areas where social factors compel software developers to drift away from a global set of rules constituting software development processes and methods. Issues of pleasure and control and difference in mental models contribute to an uncoupling from established practices designed to guarantee the reliability of software and thus diminish its vulnerability.


References

  • W.E. Bijker. The Vulnerability of Technological Culture. In H. Nowotny, editor, Cultures of Technology and the Quest for Innovation, pp. 52–69. Berghahn Books, New York, 2006

  • W.E. Bijker. Of Bicycles, Bakelites, and Bulbs: Towards a Theory of Sociotechnical Change. MIT Press, 1995

  • L.L. Bucciarelli. Designing Engineers. MIT Press, 1994

  • P.N. Edwards. The Closed World: Computers and the Politics of Discourse in Cold War America. MIT Press, 1996

  • S. Flowers. Software Failure: Management Failure: Amazing Stories and Cautionary Tales. John Wiley & Sons, Chichester, 1996

  • D. Gage, J. McCormick (2004) Why Software Quality Matters. Baseline 1(28): 32–59


  • M.E. Gorman and W. Bernard Carlson. Interpreting Invention as a Cognitive Process: The Case of Alexander Graham Bell, Thomas Edison, and the Telephone. Science, Technology, & Human Values, 15(2): 131–164, 1990


  • A. Hommels. Unbuilding Cities: Obduracy in Urban Sociotechnical Change. MIT Press, 2005

  • I. Jacobson, G. Booch and J. Rumbaugh. The Unified Software Development Process. Addison-Wesley Publishing Company, 1999

  • S. Jasanoff. Introduction: Learning from Disaster. In S. Jasanoff, editor, Learning from Disaster. Risk Management After Bhopal, pp. 1–18. University of Pennsylvania Press, 1994

  • T. Kleif, W. Faulkner (2003) “I’m No Athlete [but] I Can Make This Thing Dance!” – Men’s Pleasures in Technology. Science, Technology, & Human Values 28(2): 296–325


  • S. Levy (1984) Hackers: Heroes of the Computer Revolution. Doubleday, New York


  • B. Latour. Science in Action. Harvard University Press, 1987

  • J. Law. ‘Ladbroke Grove, Or How to Think about Failing Systems’, published by the Centre for Science Studies, Lancaster University, at http://www.lancs.ac.uk/fss/sociology/papers/law-ladbroke-grove-failing-systems.pdf, 2000

  • N. Leveson. Safeware: System Safety and Computers. Addison-Wesley Publishing Company, 1995

  • S.J. Lukasik (2003) Vulnerabilities and Failures of Complex Systems. International Journal of Engineering Education 19(1): 206–212


  • D.A. Norman (1983) Some Observations on Mental Models. In: D. Gentner, A. Stevens (eds) Mental Models. Lawrence Erlbaum, Hillsdale, New Jersey, pp. 7–15


  • D.A. Norman (1988) The Psychology of Everyday Things. Basic Books, New York


  • D. Page, P. Williams and D. Boyd. Report of the Inquiry into the London Ambulance Service. South West Thames Regional Health Authority, February 1993. http://www.cs.ucl.ac.uk/staff/A.Finkelstein/las/lascase0.9.pdf

  • C. Perrow (1999) Normal Accidents: Living With High-risk Technologies, 2nd ed. Basic Books, New York (Original work published 1984)


  • B. Rasmussen, T. Håpnes (1991) Excluding women from the technologies of the future? Futures 23(10): 1107–1119


  • S.A. Snook. Friendly Fire: The Accidental Shootdown of U.S. Black Hawks over Northern Iraq. Princeton University Press, 2000

  • A. Takanen, P. Vuorijärvi, M. Laakso, J. Röning (2004) Agents of Responsibility in Software Vulnerability Processes. Ethics and Information Technology 6: 93–110


  • S. Turkle (1984) The Second Self: Computers and the Human Spirit. Simon and Schuster, New York


  • T.A. Undheim. Visionary Managers and Silent Engineers. In T.A. Undheim, editor, What the Net Can’t Do: The Everyday Practice of Internet, Globalization, And Mobility, pp. 93–124. Ph.D. Thesis, Norwegian University of Science and Technology, 2002


Author information


Corresponding author

Correspondence to Christian V. Lundestad.


About this article

Cite this article

Lundestad, C.V., Hommels, A. Software vulnerability due to practical drift. Ethics Inf Technol 9, 89–100 (2007). https://doi.org/10.1007/s10676-006-9123-1


  • DOI: https://doi.org/10.1007/s10676-006-9123-1
