[an error occurred while processing this directive]
CSC 300
Professional Responsibilities
Winter 2003
CSC 300 Professional Responsibilities
Quiz 5
Student Name:
Please answer the following questions in the space provided.
The number of points for the different parts is indicated below
(20 in total).
Professional Responsibilities under Pressure
Assume that you're working for a software development company
specialized in medical information systems. You're responsible
for a project to develop an integrated medical information system
for a company that owns a number of hospitals, and is affiliated
with a number of doctors and other medical service providers
such as laboratories. Your system is close to completion, and
scheduled for deployment at the end of the month. This system
is very critical for your company, since it is considerably
better than any product currently on the market, and promises
considerable savings to customers due to its close integration
of various types of information about patients, procedures,
products, and other aspects. In addition, you will receive
a generous bonus upon completion, and it has been made
clear by your supervisors that your career will receive
a significant boost from a successful deployment of the system.
In a meeting with your core team members, two of them raise
issues that may jeopardize the successful deployment of the
system:
Another system that relies on the same data base management system
was breached recently, and critical medical information was obtained
by the intruders. While the intruders claim to have no bad intentions,
they described their intrusion attempt in detial on a Web site.
Through direct personal contacts with team members involved
in the development of that data base management system,
it has become clear that the problem is very difficult to fix,
and a patch will be available in several months, at best.
Your team member has come up with a tricky way to install
the data base so that it is not visible to intruders,
and is convinced that it will be safe.
The part of the system that performs an analysis of medical
services provided is close to completion, but there won't be
enough time to perform the full set of tests. The team member
responsible for this suggests to deploy the system with the
test mode enabled, which would allow your company to remotely
log into the system, and complete the test suite. He suggests
that this would not be a problem anyway, because the agreement
with the customer has a provision that allows your company
to do performance evaluations of the system after its installation.
You have recently obtained the latest revision of the
"Software Engineering Code of Ethics and Professional Practice"
(see http://www.acm.org/serving/se/code.htm,
and decide to test its usefulness in practice by applying it
to the two issues described above.
Your task is to examine the issues with respect to the principles
described in the SE Code. Identify principles that you think
may be violated, and describe the critical aspects of the violation.
Finally, evaluate the overall situation that you find yourself in,
and make a decision on how to proceed with the project.