We need a software building code. This wouldn't be allowed to happen with non-software. The fact that anyone can build any product with software, make it work terribly, and when it fails impacts the lives of thousands (if not millions), needs to be stopped. We don't allow this kind of behavior with the electrical or building code. Hell, we don't even allow mattresses to be sold without adding fire resistance. The software that is critical to people's lives needs mandatory minimum specifications, failure resistance, testing, and approval. It is unacceptable to strand 150,000 people for weeks because a software company was lazy (just like it was unacceptable to strand millions when CrowdStrike shit the bed). In addition to approvals, there should be fines to ensure there are consequences to not complying.
The two long-term existing environments are MISRA C and Ada.
https://en.wikipedia.org/wiki/MISRA_C
https://en.wikipedia.org/wiki/Ada_(programming_language)
Ada is particularly strong in aviation.
https://www.adacore.com/industries/avionics
Rust would also be a contender, but it's "the new kid on the block."
I think a better idea would be that software should not have disclaimers. Authors should assume full responsibility in court if their work misbehaves.
There are lots of "software building codes": IEC-62304, MISRA, DO-178C, etc. Problem is that the vast majority of software doesn't fit into those categories. And as you mention, since you can build any product with software, you would have to have categorization for any new standards to make sense.
That’s the wrong lesson. Rather, we should control things we own and not have them control us.
I have no idea why you'd been downvoted. Everything you said is common sense. I guess this is a case of "it's hard to get a man to understand something if his paycheck depends upon him not understanding it."
It's great to assert "we need" but I implore you to consider the downsides first.
I work for an electrical contractor and I don't think being annoyed by shitty UI is nearly the same problem as electrical fires. Why govern the whole set of software with 1 set of rules?
Software isn't safety critical until it is, but we already have code to regulate software on electrical equipment, planes, etc. Why do you recommend software have a code? I'd much rather each individual thing that's safety critical have regulations around software in place than have to learn a 4000 page manual that changes every time you cross a jurisdiction, where enforcement varies, etc.
Software engineers can't even agree on best practices as is.
IMO, put the code around the safety critical thing (e.g. cars, planes, buildings). Restricting "critical" software will only get abused the way essential workers did during COVID.
Also keep in mind the way building code gets enforced: you get an inspection upon completion or milestones. Software has a tendency to evolve and need maintenance or add features after; I don't want to trust this to a bureaucrat. I don't like Google or Apple getting involved on "their platform" and I certainly don't want an incompetent government getting involved.
Before we have a software code, let's make and adopt some guidelines we can agree to. In construction, plenty of builders have their own sets of internal rules that are de facto codes. When one of those gets popular enough for life safety software, let's consider pushing for that.