Thursday, January 7, 2010

Flawed Measures

Why do something you know is flawed?

Here are a couple of examples that crossed my desktop today.

  • Following my latest complaint that the ongoing OWASP project to identify the Top Ten Security Risks is fundamentally flawed (see previous discussion on my Computing blog) @mcgoverntheory replies "Many contributors to the top ten agreed that top ten lists as a concept are flawed. Its all about helping others move needle."

In both of these examples - I'm sure we could find many more examples of this kind of thing - there is an implicit belief that it is better to do something than to do nothing at all.

At the opposite extreme, we can find the perfectionist strategy that it is better to do nothing than engage in flawed activity. For example, Deming and his followers criticize certain forms of management intervention as "meddling" or "tampering", based on insufficient appreciation of the structure of the system in question, although as I've pointed out (in Reasoning about systems and their properties) such labels are themselves subjective interpretations rather than neutral observations.

The only possible resolution of this dilemma is a willingness to take bold action in the face of uncertainty - accepting the risk that something won't work, taking good precautions to mitigate the risk but going ahead anyway. This is why we need leadership rather than mere management.

No comments:

Post a Comment