A "No Kidding" Risk Analysis

George Toft plug-discuss@lists.plug.phoenix.az.us
Sun, 03 Feb 2002 08:26:18 -0500


"Craig S." wrote:
> 
> <snip>
> During  the risk analysis of the flaw, the consensus was:  "This
> will have zero impact to our members as everyone knows
> Windows can't stay up for 6 days."
> 
> I'm not kidding!  This is what business people are
> saying about Windows.
> </snip>
> 
> That is what happens when marketing over-rules engineering. Something
> similar almost happened at a local corporation. There was a minor
> clocking problem on a VOR module that would cause a BER of 3%. When the
> problem was isolated I found that the problem was from a ring (a spike
> on the leading or trailing edge of a digital signal that slowly settles
> down over the period of the wave) across a FET that could be solved with
> a RC circuit to delay the time just a little that it took the FET to
> turn on. The solution would have cost about 10 cents a card. But because
> of the red tape involved to change the paperwork Honeywell decided that
> the problem wasn't that serious. Of course I couldn't let that set
> (after all would you want erroneous data on your position in the air 3%
> of the time) the change was eventually made. Of course I was branded a
> troublemaker and my contract wasn't renewed (technically I was fired).
> 
> Craig S.

Same thing happened to me.  I found 10's of thousands of credit 
card numbers, names, addresses, mother's maiden names, etc stored
on the web servers in logs - contrary to corporate policy.  I made 
the developers stop logging that stuff.  My contract was terminated.


> PS: When did pinhead finance majors start making engineering decisions?
> That is something that really bugs me.

That is the way it works.  At least in the two Big Corporations
I've worked for as wellas the Military.  It all comes down to the
Benji's - someone has to pay for the screwups, and they have to 
weigh the cost to fix the problem against the benefit of that fix
against the risk of not fixing it.

Did you know that it costs $20,000 to change one page of a Navy
Reactor Plant Manual.  Needless to say, they don't change them
unless it's important.

Regards,

George