by the lack of a coherent source of information about software failures. Careful documentation and analysis of failures has had dramatic impact in other areas. More attention should be paid to the contributions of software to accidents, and repositories of accident reports are needed that include sufficient details to enable the analysis of trends and an evaluation of technologies and methods. Without a concerted effort to collect better data, investment in software technology and research may be misdirected, ineffective practices will remain, and adoption of the most effective methods will be hindered. In the absence of a federal initiative, the situation might improve dramatically if all the parties currently involved in software production, regulation, and accident reporting were to monitor systems more pervasively and systematically for failures; involve software experts to a greater degree in the investigation of failures of systems that include software as a component; and insist on greater transparency in every aspect of software development and deployment than is currently expected.

RECOMMENDATIONS

To Builders and Users of Software

Make the most of effective software development technologies and formal methods. A variety of modern technologies—in particular, safe programming languages, static analysis, and formal methods—are likely to reduce the cost and difficulty of producing dependable software. Elementary best practices, such as source code control and systematic defect tracking, should be universally adopted, and development organizations that fail to use them should not be regarded as sources of dependable software. Advanced practitioners, especially those working in specialized domains, may be justified in creating their own framework of processes and practices that embodies these recommended elements. But those who are not already familiar with the best practices of the industry (described previously) should first ensure that their developments adhere to these elements and then consider diverging only under extraordinary circumstances. Formal methods have been shown to be effective only for small to medium-sized critical systems and have not been widely adopted. Furthermore, they require a new mindset and may demand staff with greater expertise, especially in the early stages of development. Nevertheless, key elements of formal techniques would aid in the cost-effective construction of dependability cases and could be widely applied, especially in combination with the incrementality and minimality encouraged in some development approaches such as those currently labeled “agile.”



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement