Tuesday, April 19, 2016

Where is the Software Authority? – Computable

All over the world, governments make rules to protect citizens against all sorts of dangers. Supervisors, the "authorities", check that those rules are observed. If they are not, they issue warnings, close businesses and hand out hefty fines in the expectation that violators will mend their ways. This happens in areas such as food and consumer goods, new drugs, financial services and data protection. Software does not appear in that list, and that must change as soon as possible. We urgently need a software authority.

In recent years, we have seen the role of software increase exponentially. This is not just the flood of apps and other software running on our servers, PCs, tablets and smartphones, but also software "embedded" in, for example, cars, airplanes, medical equipment, network equipment, machinery, smart TVs and countless consumer items. This built-in software is crucial to their operation. If there are errors in the software, the equipment can malfunction, putting its users and/or the environment at risk.

Software testing is under pressure

In the software world, the rule of thumb is that roughly one error occurs per thousand lines of production-ready code. A fighter aircraft of the Joint Strike Fighter (JSF) type contains an estimated 24 million lines of code, while a modern high-end car runs on even more than one hundred million lines of software. Software testing is under pressure, not only because of the cost, but also because of the strong pressure to deliver the software within the prescribed deadlines. That does not mean that no testing and verification takes place. A test institute such as TÜV does look at safety certifications, but it focuses on the processes to be followed for a certificate. The quality of the end result, the software as it is in the product, is not checked externally. Compare this to crash tests in the automotive industry. There, no effort is spared to ensure the safety of the final product, regardless of how came about this final

Controls stand in the way of bringing products to market quickly. But it can take years before a drug is allowed on the market, and the pharmaceutical industry knows how to deal with that. The social risks are very high. The same increasingly applies to the risks of poor-quality software. This justifies the establishment of a "Software Authority" that should protect us from the harmful effects of software failure.

This obviously requires a statutory basis, comparable to that of the obligation to report data leaks after a security breach involving personal data, as laid down in the Data Protection Act. The social importance of this data security is so great that the Personal Data Authority can even hand out very hefty fines. A Software Authority should follow this model, too.

Exactly how the work of such an authority should be set up is obviously not trivial. The priority must be that it prevents software with errors that can harm us from coming onto the market, not that it dictates how software should be developed. There are also legal, political and economic dimensions that need to be thought through. Experience in other sectors makes clear that the required quality, and therefore safety, cannot be enforced by "the market" itself. The economic interests of individual companies are too large, and (international) competitive considerations come into play. Because of fears of limiting competitiveness, a "safety mark" for software will only succeed at European level.

Do not check all software

There are practical obstacles too. Checking all software is not feasible, even if it were only built-in software. But just as the Food Safety Authority does not check every hamburger, it is not necessary to check all software and every release. Samples are sufficient. Already, all sorts of tools can be used to check software. The Authority can make good use of tools to determine proper operation. Think of tools that detect critical errors in the implementation. Tools that provide insight into the (e.g. cyclomatic) complexity of the software can also help determine which parts might need an extra pair of eyes.

Finally, software with "bad intentions" cannot be caught with tools either. Cheating software ("sjoemelsoftware") is meant to deceive, and a tool cannot identify that. Detecting bad intentions in software succeeds when experts review the code. But when that happens, the issue of intellectual property comes into play, so another challenge lies there as well. It will not be easy to establish an authoritative software authority. The European legislation on data protection, and supervisors who can actually take action, lead by example.

Martijn Rutten, CEO and co-founder of Vector Fabrics


This article is derived from Computable.nl (https://www.computable.nl/artikel/5735926). © Jaarbeurs IT Media.

