Open Clean Source

Richard A. O'Keefe ok@atlas.otago.ac.nz
Fri, 29 Jan 1999 14:42:49 +1300 (NZDT) 

I claimed that insurers, IF they are to insure businesses against
software problems, will demand, as they have every legal and moral
reason to demand, that someone they approve of have the opportunity
to inspect the software in question in order to estimate risk.

Patrick Logan replied:

	Where are the number of trained programmers/inspectors going to come
	from by 2002?

The number of people needed to inspect a program
*with the aim of estimating its quality for risk assessment*
is very much smaller than the number of people needed to write it.

	Either civilization will come to a halt because there
	are not enough programmers or there will continue to be compromises.

Indeed.  The first compromise is the one the insurance companies are
explicitly making right now:  they refuse to provide Y2K insurance
because they don't even have the *opportunity* to assess the risk.
Businesses just have to operate without that insurance.

Like I mentioned, Telecom NZ (which our cursed loony right wing government
sold off to the Yanks several years ago) just discovered that their pay
phones are not Y2K compliant.  It's going to cost _millions_ to fix, and
they've annoyed every phone card holder in the country.  Don't you think
they'd have liked to insure against that?  There _will_ be a demand for
software insurance, it _will_ put up the price of professional software
development, it _will_ mean the insurance industry having to put up with
quality estimates based on sampling and testing, but they've had to put
up with estimates like that as long as insurance has existed, and that
_will_ mean we might need as many as 1 inspector for every 20 programmers,
which is nowhere near as great as the projected demand for programmers
anyway.
	
In fact, large commercial customers _already_ insist on the sources.
When I worked at Quintus, some of our customers would do business with
us *ONLY* on the assurance that a full copy of our sources was held in
escrow so that they'd have something to fall back on if Quintus went
belly up (or, as happened, got out of that line of business).

When I worked in California, they had a "driver responsibility" law
or some such fancy name, which meant that *either* you had and were
able to prove that you had adequate car insurance, *or* you paid the
state a bond of about 10 000 US dollars (I forget the exact sum).
How long before there's a legal requirement for something similar
for software?

	BTW who certified Linux? ;-/
	
Anyone who wants to.  That's the point.

	Fortunately the dating software can probably be developed in
	something much simpler than Haskell or Clean.  But what?

	Hey!  Domain specific languages developed *in* Haskell or Clean.
	
How does _that_ help?  If the domain specific language is developed
in Clean, then the risk of Clean Green's bet-your-business
program *still* depends on the risk of the Clean system.

	Also, you did not mention Mercury!

So?  I imagine many Clean-list readers already know that there's a
second source for "pure declarative programming languages using
checked uniqueness annotations".  I thought it had already been
mentioned as an open-source program.

Sun gave me the *full* Java sources just for the asking a couple of
years ago (so it was for academic research, so Clean could be the same).