It's the Specification, Stupid!
Key components of the software supply chain can and should be designed with reasonable confidence that they will not fail. But this requires a shift from the prevailing test-fix-test coding cycles to a better paradigm where software is generated from rigorously validated "big" specifications. Software is the primary driver of the modern digital society. But software is also a major source of failure due to countless bugs and vulnerabilities waiting to be triggered or maliciously exploited. The estimated engineering cost of fixing poor-quality software exceeds 1 trillion annually in the U.S. alone,a with failure to patch known vulnerabilities being the largest contributor to these costs, and Cybercrime, which thrives on software vulnerabilities, is estimated to be another 8 trillion a year business and growing;b that is nearly 1 billion every hour. Given this track record, traditional software development and verification techniques that rely heavily on testing and manual inspection have proven both costly and largely ineffective in dealing with the complexity of today's software supply chain.
Nov-4-2025, 21:39:53 GMT