Shostack + Friends Blog Archive


Practices: Proven vs. Standard?

In comments yesterday, both Kyle Maxwell and Nicko suggested that “standard” is a better adjective than “proven:”

I like Kyle’s “standard” practice, since it makes it clear that you are just following the flock for safety by sticking to them. Perhaps we should call them “flocking standard practice”

I do think there’s an important difference, which is that standard practices include things like user education. Things which (as far as I know) no one has ever tried to measure or justify. Proven practices are those that have been demonstrated to work somewhere. It doesn’t say that there’s no better way to do it. It doesn’t say that it’s economically optimal, just that someone has actually set some acceptance criteria, tested it, and proved that it was able to meet the criteria.

Publishing the criteria and reproducible details of how you tested along with your practice — that’s a best practice.

3 comments on "Practices: Proven vs. Standard?"

  • That sounds a little like the old model of “proof”: fire one shot at the armor, and if it’s okay, use it in battle.

    We require stronger forms of induction in most of our work. For example, we’d never accept an accounting practice that had only worked once, Perhaps we’d try it in parallel with others for a while.

  • Kyle Maxwell says:

    Right, I wouldn’t suggest that “standard” practices are actually the best. I just don’t like using such a superlative and unprovable term, particularly when the practice receiving such adulation generally doesn’t meet even a colloquial definition of “best”. Usually, what people call “best practice” are things that are good enough to keep you from getting fired.

  • Andrew Yeomans says:

    When you refer to “standard” practice, I think you really mean “common” practice. Unless there really is a standard covering that area.

Comments are closed.