Real-World Issues

Has there ever been a computer programming bug that resulted in someone dying?
     Maybe in the old days, but nowadays programmers usually just get a stern warning.

Objectives

This lesson has several objectives. It has been used at the beginning of a senior-level software engineering class. In addition, many of the individual scenarios have been expanded and presented in other classes as they pertain to the topics (operating systems, guest lecture in electrical engineering, guest lecture in mechanical engineering, guest lecture in business).

A primary objective is to increase awareness of the impact that nonsecure code can have. In the traditional assignment, students are each assigned a unique scenario to research and present to the class. Their research report must include the following:

  1. Background
  2. What was the objective of the product/project?
  3. What happened?
  4. What was determined to the cause of the failure/issue?
  5. What was the (projected) cost of the failure/issue?
  6. At what phase of the software/system life cycle could/should this have been detected?
  7. How could this have been prevented?

Example, real-life scenarios are:

Any of the above scenarios could be developed and used as a lesson in a cross-disciplinary field to motivate other disciplines towards secure programming. The PCA pump and Tennessee Lottery issues provide interesting perspectives as they are primarily poor user-interface design, but still come down to a programming issue and emphasize the importance of understanding your user population and raise some interesting questions about the boundaries of secure programming, since one resulted in financial loss and the other in multiple deaths.

The development of a library of these types of scenarios targeting a wide-range of students across all disciplinary boundaries and experiential backgrounds would be an exciting contribution to secure programming.