Software 'glitches' are not acceptable. Learn from aviation

AdaCore chief Robert Dewar calls for improvement

The term "glitch" is often used to describe an error in software, but the word itself undermines the severity of such errors, according to open source software company AdaCore.

Only this year, a so-called software glitch was responsible for a substantial IT failure at the Royal Bank of Scotland (RBS), which meant that millions of customers could not gain access to funds in their bank accounts.

Events from the Wall Street Crash to Toyota's brake failings in 2009 have also been attributed to software glitches - trivialising the problem and implying that it can be reasoned away.

According to Robert Dewar, president and CEO of AdaCore, however, there is no excuse for these outages. In the world of aviation, where failure is not an option, software glitches simply do not happen.

Speaking to Techworld, Dewar said that the banking sector can learn a great deal from ultra-paranoid industries like aviation, which use highly reliable programming languages such as Ada in their application development.

AdaCore's main product, GNAT Pro, is a commercial-grade open source Ada development environment that supports all versions of the Ada language standard, and is used primarily by the military and aviation industry.

GNAT Pro underpins the UK's Interim Future Area Control Tools Support (iFACTS) air traffic control system, implemented by Praxis in 2007, as well as the onboard computers on BAE Systems' Eurofighter Typhoon combat aircraft.

"We have never lost a life on a commercial aircraft due to a software bug in the entire history of commercial aviation," said Dewar. "Nothing in Ada guarantees no bugs, but Ada comes with a safety culture."

Ada is designed to make it easier to write safe and reliable applications. The syntax is simple, consistent, and readable, and uses English keywords such as "or else" and "and then" over symbols such as "||" and "&&".

A large number of compile-time checks are also supported to help avoid bugs that would not be detectable until run-time in some other languages, or would require explicit checks to be added to the source code. This means there is less chance of a major failure after deployment.
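As an added illustration (not code from the article or from AdaCore), the Ada sketch below shows the keyword short-circuit forms and the kind of type mismatch the compiler rejects before the program ever runs. The banking-style names and amounts are hypothetical, chosen only for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Transfer_Demo is
   --  All names here are hypothetical, made up for this example.
   --  Distinct integer types: the compiler refuses to mix them.
   type Pence      is range 0 .. 1_000_000_00;
   type Account_Id is range 1 .. 4;

   Balances : array (Account_Id) of Pence := (others => 50_00);

   --  Moves Amount between accounts; refuses rather than
   --  overdrawing the source or overflowing the destination.
   function Transfer
     (From, To : Account_Id; Amount : Pence) return Boolean is
   begin
      if Balances (From) < Amount
        or else Balances (To) > Pence'Last - Amount
      then
         return False;
      end if;
      Balances (From) := Balances (From) - Amount;
      Balances (To)   := Balances (To) + Amount;
      return True;
   end Transfer;

   --  Untrusted input arrives as a plain Integer (constructed value).
   Requested : Integer := 7;
begin
   Put_Line (Boolean'Image (Transfer (1, 2, 20_00)));
   Put_Line (Boolean'Image (Transfer (1, 2, 99_00)));

   --  "and then" evaluates the right side only if the left is True,
   --  so the conversion never sees an out-of-range value.
   if Requested in 1 .. 4
     and then Balances (Account_Id (Requested)) > 0
   then
      Put_Line ("account has funds");
   else
      Put_Line ("no such account");
   end if;

   --  Both lines below are rejected at compile time (type mismatch):
   --     Balances (Requested) := 0;
   --     Balances (1) := Balances (1) + Requested;
end Transfer_Demo;
```

In C, the equivalent index and addition would compile silently because every value is just an integer; here the mismatch has to be resolved with an explicit, checked conversion.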

Dewar has also helped to develop the DO-178B Software Considerations in Airborne Systems and Equipment Certification, which is used to determine if software will perform reliably in an airborne environment.

However, Dewar said that programmers do not have to be writing in Ada to write reliable code. While languages such as C and C++ are known to be problematic, there is no reason that applications written in these languages can't be just as reliable as those written in Ada.

It all comes down to carrying out comprehensive integration testing and using formal methods of proof to verify security before these applications are deployed, he said, as well as leaving a development trail so that errors can be easily traced back to their source.

"The highest levels of software need formal methods," said Dewar. "We have to be able to enforce this level of checking."

Ultimately, writing more reliable code will cut down on errors and reduce the risk of costly outages in most industry sectors. Before this can happen, however, people have to stop accepting that "glitches" are trivial and start demanding better software.

"You wouldn't excuse the crash of a jumbo jet by labelling it a glitch, so why the failing of a banking application?" he concluded.
