I would have disagreed with you in the past by saying, "until it breaks something critical and you lose customers and business", but then again people just moved on from the CrowdStrike incident like business as usual. If something like that which grounded critical service globally and had an estimated 10 Billion Dollar economic impact doesn't change mindsets, I don't know what will.
That's because no one died. All the safety critical industries are already heavily regulated. E.g. check out for example standards like DO-178C (for software in airborne systems), where you even have to _prove_ correctness of every tool and dependency you use, on top of accountability and traceability of every single line of code in your own product.
Not to be pedantic, but people have died from software programming bugs being a primary contributing factor. One example: Therac-25 (https://en.wikipedia.org/wiki/Therac-25)
I only meant this in relation to the CrowdStrike incident that was mentioned in the comment I replied to. The standards and regulations in those other industries have changed dramatically (for the better) since Therac-25.
I mean, that was over 40y ago. Same thing for the Ariane 5 failure which is a staple of safety-critical classes (at least in Europe), it's not getting any younger.
If all the examples you can conjure are decades old*, is it any wonder that people don't really take it seriously? Software powers the whole world, and yet the example of critical failure we constantly hear about is close to half a century old?
I think the more insidious thing is all the "minor" pains being inflicted by software bugs, that when summed up reach a crazy level of harm. It's just diluted so less striking. But even then, it's hard to say if the alternative of not using software would have been better overall.
* maybe they've added Boeing 737 Max to the list now?
> If all the examples you can conjure are decades old
They're not ALL the examples I can conjure up. MCAS would probably be an example of a modern software bug that killed a bunch of people.
How about the 1991 failure of the Patriot missile to defend against a SCUD missile due to a software bug not accounting for clock drift, causing 28 lives lost?
Or the 2009 loss of Air France 447 where the software displayed all sorts of confusing information in what was an unreliable airspeed situation?
Old incidents are the most likely to be widely disseminated, which is why they're most likely to be discussed, but that doesn't mean that the discussion revolving around old events means the situation isn't happening now.
In aviation, accidents never happen because of just a single factor. MCAS was mainly an issue in lack of adequate pilot training for this feature, AF447 was complete incompetence from the pilots. (the captain when he returned to the cockpit, quickly realized what was happening, but it was too late)
There's almost never a death where there is a single factor, regardless of aviation or not. You can always decompose systems into various layers of abstractions and relationships. But software bugs are definitely a contributing cause.
Another way to put it is that people have to literally die before a company is taken to task over their product's quality. What a sad, low bar for a product!
What about the less obvious ways people are dying? Teen suicide rates have been directly linked to social media, for example.
And memory leaks (one of the main gripes of TFA) aren't even a thing because you cannot use malloc in this sort of code.
People died in Boeing 737 MCAS incidents and what? Hot fix and business as usual.
Unless a bug results in enormous direct financial losses like in Knight Capital, the result is the same: no one held responsible, continue business as usual.
> and had an estimated 10 Billion Dollar economic impact
This might be more to do with these estimates than anything.