UN Secretary-General António Guterres has initiated many efforts related to software and networking. High-level panels, as well as a Tech Envoy’s office, have been established to further assess the critical nature of software and digital technology in our 21st century. As I write this in late August 2024, a Summit for the Future on September 22-23 lies in my future. Among the Summit’s outputs will be a Global Digital Compact (GDC), intended as a framework for further elaboration of agreements that might be reached on a multilateral basis to deal with the many challenges and opportunities apparent in today’s hyperconnected world.
Headlines, books, essays, news reports, blogs, and social media have all drawn attention to the risks we experience when we rely on software and depend on online services through the Internet and the World Wide Web. It seems evident that we need more accountability in these spaces. In the recent past, a bug in software provided by CrowdStrike, which was propagated broadly in a routine software update, disabled tens of thousands of devices that were providing critical functionality for air travel among other services. Wholesale grounding of aircraft and flight cancellations, among other operational business impacts, led to days of turmoil and tedious manual recovery.
This column’s intent is not to point fingers but to draw attention to the critical need for better software design, development, test, and propagation processes. There might even be a place for standards, if we could develop them. The question for software developers, many of whom are ACM members, is how do we improve our practices? We need to defend against unintended mistakes, many of which lead to serious operational consequences. We also need to defend against deliberate attacks exploiting software vulnerabilities. In addition to defensive measures, we also need to find ways to collaborate, in some cases across international borders, to identify and hold accountable parties who, by intent or negligence, disrupt our virtual environments. The GDC, however it comes out, will be one framework in which national and international software-based systems might be made more robust and attackers held accountable.
As of this writing, the GDC is in its third revision. Whatever the shape of the final compact, it is clear that this framework will require considerable development to fill in the details. We will want to track the specific practices that are developed and assess their effectiveness. There are several ways in which this could be achieved. One of them is to evolve the long-standing Internet Governance Forum to adapt its work to track and evaluate implementations arising from the compact. ACM and its members are in a position to explore the implications of the provisions in the compact and to use its broad aspirations to motivate further research on methods to increase the reliability and resilience of software-based systems.
By any reasonable measure, more and more “things” will have software components and will be interacting directly (for example, Bluetooth) or through the Internet and World Wide Web. As professionals, it is my belief that we have an obligation to the public to evolve vastly better practices to make software more reliable, predictable, safe, and secure. Just as we are worried about tsunamis in the wake of earthquakes and rising oceans, we will also have to worry about software tsunamis that may take us by surprise.