But will they pay millions of dollars for a WiFi firmware stack in energy IoT devices that the grid is increasingly depending on that isn't vulnerable to memory overflows or other hacking vectors?
Software is becoming more and more depended on for life and death use cases every day.
Life-and-death software is already regulated fairly strictly and generally has decent quality. But of course the companies developing it also try to cut costs and in the end it's more about checking off boxes to avoid liability than producing correct software.
Hmmm, on the sliding scale of harmless to life-and-death software, it seems that as time goes on, many programs and services migrate from being closer to the harmless end to being closer to the life-and-death end.
I feel that migration is often ignored or discounted. For example, Facebook in the early years was considered mostly harmless, but now has migrated to being exploited by state actors to brainwash populations into hating each other, interfering in elections, or at worst performing genocide on a minority group. We need to stop assuming that just because a software application is harmless now it will stay that way, and we need to adjust its "correctness" accordingly as it migrates along the harmless <> life-and-death scale.
I agree with you. And it's OK to allocate a limited budget, if you keep in mind that you can get at most limited software.
In my experience, nearly all delays in software shipments have been only in the eyes of idiot managers: developers and smart managers recognize the constraints being constantly added to a project and know in advance that the result cannot be what was promised in a totally different scenario.