Software Engineers Vs. Programmers

Tuesday, August 03, 2010

Dr. Steve Belovich

In the US, there is no universally-recognized, formal certification process required to be a programmer. Some programmers are graduates of CIS (Computer and Information Science) programs, some are engineers and many are neither.

Novell and Microsoft have tried to create proprietary certification with their CNE (Certified Network Engineer) and MCSE (Microsoft Certified System Engineer) training.

Many states have made using such titles illegal because they mislead the public on who is really an engineer.  Graduates of CNE & MCSE training are not required to have an ABET-accredited engineering degree or a PE (Professional Engineer) license so they cannot be called engineers.

This effort is in the public interest because software impacts public safety. By way of information, Ohio has rendered the MCSE and CNE titles unusable unless you are an actual engineer. Nevada also has strict engineer title laws.

The “science” of computer science has a long way to go. Few truly useful software development paradigms exist and the graduates are not adequately trained in their use or are even aware of their existence.

The professors themselves are ignorant of current software development practices and have little to offer their students in the way of helpful suggestions.

Having been a Computer Engineering professor at a large university, I can personally attest to the appalling lack of understanding of software engineering issues on the part of a few of my former colleagues.  Scary, really.

Some organizations, such as Carnegie-Mellon’s SEI (Software Engineering Institute) are combating this widespread ignorance. Local SPIN groups (Software Process Improvement Network), an outgrowth of CMU’s SEI, are also assisting in this effort.

However, as long as time-to-market issues dominate software development (rather than safety or correctness), there will be little incentive to change.

Software engineers, on the other hand, have a lot more science and technology background than do programmers or computer science majors. Because they are degreed engineers, they have the ABET-approved engineering core which includes physics, chemistry, math, thermodynamics, material science, engineering design, etc. Software engineers, at the graduate level, also learn project management and other business aspects of the software design and production process.

Software engineering programs are still nascent, but they are gaining traction as employers realize that programmers alone cannot get the job done.  It is the beginning of wisdom when a software developer learns the difference between getting a program to work – and getting it right.

Experience has verified that a team of engineers is generally better to use for a large software project when it's gotta get done right and within the time and budget constraints.

At our organization, we focus on degreed Software, Computer and Electrical engineers from ABET-accredited programs.  Computer science folks are still welcome to apply, but only if they have at least one degree in an engineering discipline. 
Post Rating I Like this!
Mister Reiner Programming is a lot like drawing - some people have a natural talent for it and do it well, while others struggle along and never truly get it right.

What the industry really needs are apprenticeship/intern programs - just like other professions. People need real world projects to work on under the tutelage of a "Master" to get it right - no matter what type of schooling they have. There are a lot of programmers that are capable, they just need a guiding hand to help them reach their full potential.
Roman Zeltser Mister Reiner,
One more certification program? Common! I guess, entire America is already certified. In 2002, I wrote an article about where those certifications came from (you still can read it here: Certifications make money for those who organized them. It's a fact. How about benefits? Doubtful for many certified. Some of them got the benefits to show the capital letters in the resume and possibly higher compensation but most of them just wasted money making someone rich.
What we really need is the HANDS-ON training (for several months) on how to write the SECURE, quality programs. No Academic training teaches real programmers but good hands-on training will make it happen.
No geography or material science will make better software engineers but great hands-on training, real-life projects, and highly experienced mentors will make a difference.
Ray Tan No geography or material science will make better software engineers but great hands-on training。
I agree, only the experience mentors can lead you in the correct direction.
Dr. Steve Belovich Reply from Dr. Steve G. Belovich -

Regarding apprenticeships, that might help, but do not expect too much from that approach. Certification and regulation become the next issues, which basically kicks the can down the road a bit without resolving anything fundamental.

In my post, I was really addressing something more fundamental. You can train someone all you like but if the underlying thought process is still the same, you don't really accomplish too much.

The "trained & certified person" simply knows how to use the newer tools to write the same crummy, poorly architected, poorly documented code in a more efficient way.

The underlying thought process is what must be addressed and an engineering education helps out with that in two ways:

1) by naturally attracting disciplined and logical thinkers (and weeding out those who aren't).

2) by adding to the students' knowledge base so that when they write code, they understand the underlying physical process(es) that they are dealing with.

Of course, if the goal is simply to produce a video game, a word processor or something that does not deal with a physical process, then a programmer can work out OK. For anything "real", an understanding of the engineering is vital.

R Kapil Makes sense for somebody right out of college. But when you're looking for senior people, I'll take a mix of intelligence, experience, passion, drive, creativity and work ethic. If you spend the time interviewing and verifying your candidates, it isn't hard to figure out who is top notch and who isn't.
Dr. Steve Belovich Good comment. The characteristics of intelligence, experience, passion, drive, creativity and work ethic are certainly required for success in nearly any endeavor.

My point remains that if someone does not adequately understand fundamental engineering, then the range of programming projects that they can successfully handle is limited. For real-world projects that interact with physical devices, the "engineering core" is essential.
Dj Spydr while I understand the argument - the big gap with engineers and programmers today is actually developing to the RFCs. I've seen skilled programmers and effective engineers but both missed reuirements because they didn't look at how usage of protocols and services. As an Infosec person it all should be tracable for architecture reason both from a protection perspective and if developing a requirements framework. Many COTS products (Hardware or Software) don't list the RFCs they are compliant with, I have run across a number of providers that do list them, but usually it isn't in the tech specification - you have to request it. And lets face it - the reason they don't ensure RFC requirements - is it takes time, and a special kinda drive to get thru them and most don't want to dedicate their time to it. As I was an engineer prior to programming it would be hard for me to say which is more important as skills from both are needed, as an infosec professional thou - I believe it comes down to requirements - and those requirements with regards to protocols, key usage, etc require knowledge of RFCs
Dr. Steve Belovich Software is very much like civil engineering: you can do anything you'd like to design the 110th floor of the World Trade Center. However, If I crash a plane into floor 57, you're going down no matter what you did on floor 110.

That's what most "pure software" folks just do not understand. They are using tools and techniques to defend upper floors while they ignore the foundation. The foundation is what is vulnerable and that's what the serious hackers go after.

Of course, defending "upper floors" is still useful because it keeps the script kiddies out. However, do not be fooled into thinking that you are safe. The foundation is key and that's what the serious hackers go after.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.