It is undeniable that software now underpins many aspects of national life. In many respects, we have sleepwalked into a situation where we, as a society, are now heavily dependent on software. We take for granted that it keeps airliners in the air, facilitates the stock exchange and money markets, helps clinicians provide better care and keeps the wheels of ecommerce spinning.
It also has crept rapidly into our private lives, running our phones and TVs. It collates our music and keeps us all connected with social media. It generally works and when it doesn’t, we shrug our shoulders and say: ‘that’s technology for you’, but is this a sustainable situation? It’s an important question for those of us in positions of leadership within IT.
There is no doubt that our reliance on software is only set to continue and this is surely good for those of us developing software. However, we need to understand that with all this good comes considerable responsibility.
In particular, we need to be aware of an issue that is slowly creeping onto the radar of those whose lives depend on technology. It’s the question of whether the software is actually trustworthy.
A significant event happened on 10th June 2014. Publicly Available Specification (PAS) 754: Software Trustworthiness - Governance and Management Specification, which was facilitated by the British Standards Institute, was launched. The PAS was sponsored by the Trustworthy Software Initiative (TSI), which is a joint venture between HM Government’s Department of Business, Innovation and Skills (BIS) and the Centre for the Protection of the National Infrastructure (CPNI).
The importance of this new PAS to the UK Government was underscored by it being formally launched in London by the then Minister of State for Universities and Science, The Rt Hon David Willetts MP, before an invited audience drawn from industry and academia.
Consumers, and quite clearly HM Government, are beginning to realise just how dependent they are becoming on technology. This trend will only continue and deepen as we hear of more and more IT fiascos. It worries people and unnerves them. People are beginning to shift from accepting that software has its flaws to increasing anger that there should be any at all. Is the writing on the wall for untrustworthy software development?
Part of the problem is the over-optimistic selling of solutions that never were going to be delivered on time or to budget. Deals are closed with naïve buyers who are promised everything and anything they want. The unrealistic budget is consumed early in the project cycle and when the product comes close to release, it generally works, so why fuss over a few cut corners and buffer overrun issues?
People, it would appear, can tolerate their TV system occasionally crashing or their phone freezing on them because of these shoddy practices. However, deny them access to their money and they become far less tolerant. Availability is an increasingly significant issue.
Reliability is another aspect that is climbing up the agenda. The ability of poor-quality software to disrupt not just our own lives but the whole of society will increasingly drive people to demand better.
It won’t be long before computers are embedded into cars that are just another device on the Internet of Things along with power meters and a host of other sensors, all open to hacking and exploitation.
When computer failures start to impact on lives on a regular basis, then trustworthy software will be a prerequisite. Indeed, safety concerns will become very important. Whenever I speak to IT professionals and the topic turns to regulation, everyone seems agreed that it will be our ‘first bridge collapse’ that will force the issue.
HM Government, concerned with our welfare and the security of the realm, are deeply concerned with resilience. Just how resilient is our national infrastructure? Perhaps not as resilient as it should be since those procuring software for the state have repeatedly got it wrong as far as large-scale IT systems go. It’s not just government - bank systems don’t seem too resilient either if recent issues are anything to go by.
Security is increasingly high on the agenda, even amongst celebrities who have found the systems they once trusted were not so secure. Most organisations are far from focused on security. It’s burdensome. Consumer attitudes, though, are beginning to change - sharply.
People are beginning to realise that all the free services they depend on so heavily have often cut corners. As consumers begin to understand and (sadly) experience how vulnerable they are to insecure systems and cyber-attack they will soon be asking poignant questions about how trustworthy the software they rely on actually is.
The PAS754 specification focuses those involved in commissioning and delivering software on the five facets of trustworthy software: safety, reliability, availability, resilience and security. Each of these facets is likely to become a driver in software purchasing in the nearing future.
I would urge software developers to look at this PAS. If you accept that technology is becoming more pervasive and society’s dependence on software more critical, then you will clearly realise that those who are early adopters in this space will be the long-term winners. If you are already doing the noble thing then now is your opportunity to stand out from the crowd. The writing is on the wall. The question is, can you read it yet?
Alastair Revell CEng CITP MBCS FIAP is the Director General of the Institution of Analysts and Programmers, a member of the TSI’s Stakeholders Advisory Group and the UK Information Commissioner’s Technology Reference Panel. He is also a member of the BCS Membership Board Best Practice Committee and a CITP assessor.
