The hardware developer for making hardware that isn't resilient to, or catches, bad code. Developer, not manufacturer. Every piece of hardware needs to have an ability to survive, even if higher levels (firmware, software, user actions) are buggy or incorrect.
This is a case of a failure of Risk Mitigation. The system consists of
As a system vendor who sells all 3 components as one product needs to ensure that no critical failures can happen (in theory) caused by the hardware. If the user provides meaningless values to the software the software should reject these values. See Therac-25 issue[^] what can go wrong if the device is a particle accelerator to treat cancer.
Modern wisdom is, in fact, leaning away from user manuals and towards "better UX design which makes things apparent". For things like apps and software, this mode of thinking is quite appropriate, for years we have been struggling with complex and mind boggling GUI and even web interfaces which never made sense unless you read and understood the manuals first!
The average user's life complexity has increased and attention span has consequently decreased over time and most engineers acknowledge that. Even for gadgets and devices, the intention is always to make it as "dumb proof" as possible with the assumption that the average user will never bother reading a wall of instructional text before approaching a device!
There should be good error checking for unforeseen circumstances especially when there is a chance it can damage hardware. With all the hacking going on and bad actors looking for flaws, there is no excuse for software to have such an easy way to exploit it.
Here are my thoughts - including estimated blame percentages (that will not add up to 100%, they are individual)
The user (~0%)
Doing something obviously wrong (e.g. setting voltage to 42 instead of 24), especially if the
correct value is used elsewhere.
Should have questioned the supplier.
Documentation should be seen as correct.
When unsure you follow the 'power structure' - that is the user documentation.
The documentation writer (~60%)
Should have a proof-reader
Should test instruction are correct on the hardware/software being used.
The documentation is for a range of hardware and is correct for a subset of hardware.
Incorrect information was provided as incontrovertible fact.
The software developer (~60%)
There is a bug in the software.
Did not read hardware documentation correctly.
Software should be fault-tolerant.
Software should not be able to damage hardware.
There could be a use case for using the software as described that does not cause a hardware failure.
Lack of hardware documentation could mean the bug was impossible to anticipate.
The hardware manufacturer (~50%)
Hardware should be fault-tolerant.
Possible damage was not anticipated. This could be considered a hardware bug.
Safety gap was not documented.
Not every scenario can be protected - document what can not.
There could be a use case for using the hardware as described that does not cause a hardware failure.
The hardware/software integration and system tester (~80%)
Did not read/check documentation and test on hardware/software being shipped.
Did not check the software.
Did not check the hardware.
Did not have the exact software/hardware/documentation that caused the hardware failure. (Who shipped different hardware/software?)
Hardware/software might have changed since shipping.
If printed anyway. Electronic documentation has zero value to users what so over.
Did you ever see history portrayed as an old man with a wise brow and pulseless heart, weighing all things in the balance of reason?
Is not rather the genius of history like an eternal, imploring maiden, full of fire, with a burning heart and flaming soul, humanly warm and humanly beautiful?
if the purpose of the question is to find someone for the blame game, I don't find the necessity to answer it
if the purpose is to find where we can improve, the question needs to be rephrased. And in that case, I would say all can be improved:
- documentation obviously needs to be corrected
- both hardware and software need adjustments to make it impossible/difficult to be misused. Never trust users and always assume things can go wrong
- maybe deployment pipelines (where automated tests happen) and testing process can be improved too (add more test cases to cover this)
"obviously incorrect documentation" in what way? Does the document contain a version number? Does it state it may contain unreliable information? Does it state may cause damage if used improperly? As long as it clearly contains wording to effect that the makers are not liable for damages caused by in-properer use of this product, the user is at fault. There is no court in the United States the will hold an entity responsible for damages caused by an improperly used product when such use is clearly stated in user documentation. For special use stuff there are usually a big RED stickers all over the packaging as well as keep away for children wording. But it is not uncommon, in these litigious times, for some idiot that would attempt to file suit against the maker toaster when said idiot threw the live toaster in a bathtub that causes their house to burn down. Neglecting to read the documentation is also no excuse either. Anyone indenting to sell a product, with at least one functioning brain cell, should at the very least know to consult someone who knows how protect themselves against product liability.
Perhaps because as mental defectives, they cannot be held responsible for anything.
Seriously, unless the initial requirements were for a device that was unsafe, impossible to build in the time allotted, or violates the laws of physics, I don't see how "Marketing" would be involved in the blame-fest. The other departments also have a responsibility to speak up when this is the case.
Freedom is the freedom to say that two plus two make four. If that is granted, all else follows.
-- 6079 Smith W.
A "bug" is a bug; and if the bug triggered the failure, the software is at fault. A "bug" implies something that could have been prevented and is an error / flaw.
If there is no "bug" (in all its omissions and commissions), the software cannot be held at fault.
(The software is also not at fault if it says "Use at own risk" , maybe. )
"Before entering on an understanding, I have meditated for a long time, and have foreseen what might happen. It is not genius which reveals to me suddenly, secretly, what I have to say or to do in a circumstance unexpected by other people; it is reflection, it is meditation." - Napoleon I
As an embedded dev of 24 years or so, who worked on detonation systems, financial systems and medical research systems, I disagree.
The user followed instructions that should have been obvious (to the user) were wrong
So? If you buy a TV and wire it up wrong do you expect the house to burn down? No, because of things like breakers in the mains circuit, one-time fuses in the TV, diodes in the power supply, earthing in the enclosure (for a metal TV). A device which results in an expensive incident when used incorrectly is not fit for the market, and the manufacturer will sooner or later be sued.
There are limits, of course. If you buy a TV, pour petrol all over it and turn it on, you can't expect to win a lawsuit when the house eventually burns down.
The documentation writer wrote these instructions
Documentation authors only write what is specified. If they put an instruction of the form "Do action $FOO", they didn't make that up - someone, somewhere informed them that that action is supported by the device. Of all the people in this scenario, documentation authors are the least culpable, because they don't get to decide what the product can do, they are only told what the product can do.
The software developer wrote code that had a bug in it
Definitely the software developers. After all, the bug is the thing that was created by the developers in the first place. It is unreasonable to expect that a bug will never be triggered.
The hardware developer built hardware that failed when the wrong instructions were passed to it
Not so culpable. Hardware is built to within a certain spec with specified tolerances, and since the bug put the hardware out of spec all bets are off. It's up to the product designers (including the software devteam) to ensure that they choose products with failure modes they are comfortable. If a product had a rotor that will destroy everything if rotated backwards, it's up to the team to choose a motor driver that cannot change rotational direction. If they choose a driver that allows rotating in both directions, then that's their fault when the bug causes the rotor to reverse direction.
The QA / integration testers / whatever failed to catch any or all of the above
Testing cannot assure the absence of bugs, testing only detects the presence of bugs. The test for the action $FOO must have passed in the test jig, after all, because every single thing that the devteam says the product can do is tested.
Ultimately, it's only the software dev team that is responsible because it originates with them and them alone. After all, they produced the product and said "Performing action $FOO is safe".
Testers tested the action $FOO, it passed.
Documentation writers were told by devteam to put $FOO into the documentation, they were told by the QA team that $FOO was tested, so they put that into the docs. Did you expect the documentation authors to test it too?
User read the documentation, then tried to do $FOO. Why do you think it's their fault too?
The hardware vendor sold hardware that did exactly what it said it will do. You can't blame them if the bug sent what the hardware considers to be a valid command. I'm sure the vendor, or a competing vendor, would have sold a product with a reduced set of valid inputs. The devteam should have chosen *that* product.
All are at fault! First, who wrote the documentation? Was the documentation meant for using the hardware or the software? The user was using the hardware and not necessarily the software, so it would appear that the documentation was for the hardware and not for the software. This causes the person(s) who wrote the documentation to be at fault. Was it the hardware manufacturer who wrote the documentation? Who was the documentation "obviously incorrect" to? If it was obvious to the user, then the user is clearly at fault for following the documentation and not questioning if it was right. The hardware may or may not have been defective, and the software caused it to operate in a way it wasn't planned for. This of course can be viewed as bad design work as the hardware manufacturer should have anticipated that behavior in its design. The bug in the software can only be viewed as the fault of the programmer and those who tested the software. The programmer should have anticipated all possible scenarios and the testers should have tested all possible scenarios. Clearly, they missed something though. Thus, there seems to be plenty of fault and blame to go around.
I see some visits to lawyers in the near future, and probably multiple lawsuits ultimately being filed. Who will be the big winners here? The lawyers of course. The documentation will get fixed, the software bug will get corrected and the hardware will be improved upon. Hopefully the user will become wiser as well, probably to the point of not even reading the documentation next time. This then brings us back to the question of 2 weeks ago, "Do you expect users to read the instructions when using your apps?". In this case, at least the user read, and even followed, the instructions. Unfortunately, the whole thing turned out to be a major SNAFU, and the lawyers will make lots of money from it.
Last Visit: 31-Dec-99 19:00 Last Update: 6-Feb-23 5:57