Early And Often

Presently in the midst of taking the 50th annual two-week Human Factors Engineering short course offered by the University of Michigan, I find myself struck by parallels between HF and another domain in which I have non-trivial interest and knowledge, namely security. If you mingle in security research circles, you likely find two maxims oft repeated. First, “security is a process, not a product”. Second, “security has to be baked into a system”. Substitute “security” with “human factors” and one captures the frustrations of human factors engineers as voiced by many of the lecturers in my present course. Security experts dread having a “complete” system thrown over the wall to them with the odious task to “make the system secure”. Likewise HF folks chafe at the prospect of having a “complete” system tossed in their laps with the directive to “make it like the iPhone”. Given the (not so?) well known principle that fundamental defects become exponentially more expensive to repair as a project progresses, one marvels at the software development world’s need to have such independent “revelations” in various sub-disciplines.

The parallels do not end there. Practitioners of both subject matters have notorious difficulty quantifying costs, benefits, and risks. Leaky Abstractions furthermore pose myriad problems. As such, early and ongoing consideration seem the key to success. Iterative and Agile development practices are nothing new, but the industry regularly forgets to exert sufficient pressure on various sub-systems to shake out significant flaws before they become cripplingly expensive. User interfaces, security, networking, storage systems… As elegantly as we may modularize our systems, the inherent leakiness of abstraction boundaries between these sub-systems manages to burn us again and again. Consequently, we must aggressively and regularly conduct usability tests, performance tests, and penetration tests. One cannot overestimate the criticality of regular integration testing and sanity checking. Even seemingly simple systems are hard to get right.

— AWG

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s