Code 2018 Draft 3: Has 1.2 been watered down?


I’ve seen some discussion on Twitter about wording changes in 1.2. In particular, the 1992 Code says

To minimize the possibility of indirectly harming others, computing professionals must minimize malfunctions by following generally accepted standards for system design and testing.

while Draft 3 says

To minimize the possibility of indirectly harming others, computing professionals should follow generally accepted best practices.

So “standards” becomes “best practices” and “for system design and testing” was removed.

I believe the intention was to actually strengthen the language, not weaken it … it would be helpful for other people to chime in and let us know what you think.

Here is my rationale:

  • Following “best practices” includes following “standards.” If there was a major malfunction with a piece of code, and it turned out that this was because one had not followed a standard, then I would say that code had not followed best practices. All else being equal, following best practices require following standards. Note, of course, that all is not always equal. You could cook up a scenario where the standard is wrong, but that doesn’t invalidate my point, it reinforces it: In that case the best practices agreed to by the community may be to ignore the standard, and that could be the right thing to do in that specific scenario.
  • Following “best practices” is always required, not just in system design and testing. At one point we had a laundry list of everything we could think of “system design, testing, maintenance, implementation, data processing, …” So the intention of deleting “system design and testing” doesn’t mean you no longer have to apply best practices to system design and testing, it means you must also apply it everywhere else, too.
  • “Best practices” does not mean “what everyone else is doing.” If every were writing safety critical software in assembly language, or using okay++ instead of okay = true, that does not make it a best practice. My feeling is that “best practices” emerge from consensus of the specialists in that particular area. Not being a specialist in security, I would look to experts in that area to inform me about best practices, and then I try to use those best practices in my code, whether or not it is dictated by a standard.

Code 2018 Draft 3: Section 1 discussion

I like this particular change. I believe that a standard is simply a particular type of best practice, and that a best practice is simply something that works for most people most of the time. However, I’m not convinced that simply following best practices will do anything to prevent harm. I’m looking at things like the JSF C++ Coding Standard or MISRA C. Using these standards (or best practices) aren’t going to prevent harm. However, they will reduce risk of harm. I think that the concept of reducing the risk of harm is missing.

I think that there are also tie-ins to Principle 1.3 (being honest about your qualifications and limitations that can introduce an increase in risk of harm) and Principle 2.4 (asking for professional review of the work - this includes the selection of best practices or creation of project-specific practices, methods, and tools to reduce the risk of harm).

Again, I think that “reduce the risk of harm” is a better concept than “minimize the possibility of indirectly harming others”.