by. Han Keun-hee
Unlike an automobile, an airplane is not manufactured at all times, but only after the sales contract is signed by a customer. Different parts of the airplane are made at different factories simultaneously and in parallel, they are shipped to one place and assembled in a hull. In the course of such a process because of the special characteristics of an airplane, when something goes wrong colossal damage to lives can happen, the process is placed under an unyieldingly tight quality assurance. In fact, when Boeing finds a flaw in hardware in the course of manufacturing an airplane, it stops the process for months until it finds the cause. For months, they are willing to stop the production line.
What would happen if such process was applied to the field of software development
The codes of a piece of software do not cause any significant danger in the course of development of course, but after the product is launched, many problems (the bugs) may emerge Software companies tend to have to follow up with countless patches, spending huge sum of money to resolve the bug problem.
As the area of industry that uses IT technology based on the originality of software has rapidly grown, the industry is developing in the direction of maximization of diversity and economy of scale. The app services used by smartphones, such as those used for entertainment, including game and video, used to be the lion’s share produced, but now, many users have expanded their patterns of use to include physical exercise, healthcare, and education. Such services which used to be interfaced through the smartphones are now being interfaced by wearable devices that come in a variety of forms, such as wrist watches, bands, glasses, etc. As the cloud computing environment is generalized and the technologies to process and analyze the big data develops, changes are taking place fast. In other words, it became relatively easier to apply the IT technology to the areas where IT used to have no business being, and the scope of features in a wider range of industries that must be utilized by software is growing larger and larger.
Usually, software is recognized to be a part of IT, but not only it is an independent area of its own, but also it is a common foundation technology essential to the convergence and compound technologies not included in IT, such as automobiles, medical devices, etc.
This becomes obvious when you take a look at the rates of use of software in different industries. For example, 30% or more of an automobile is said to be operated by software, and it is 80% or more in case of an F-22 jet fighter. The ratios are growing at an explosive rate in the areas of medical devices and military equipment.
The size of global software market is about KRW 1,000 trillion, and the employment capacity of the software industry is about 10 times of that of manufacturing industry. However, the portion of Korean software production and knowledge service industries is at about a half of that of advanced nations and the number of employment opportunities is also about a half. All computing devices, equipment, and hardware when operate by software is subject to many ‘illnesses’ (flaw, error, fault or weakness) and hackers make their attacks using such illnesses. Thus, throughout the process of the planning and preparation phase to the development of an IT system, to operation and management, the flaw, error, fault or weakness that can occur to a piece of software must be pre-inspected and eliminated, so that the IT system will become healthy and safe. Even professional hackers cannot easily attack a piece of software, if it is developed in such way. It is imperative to develop a piece of software based on secure coding.
Recently, the number of cyber threats and attacks on social infrastructures, such as government offices, national defense, hospitals, airplanes, etc., and their related IT systems is rising, and the attention on the security of software is subsequently growing. In fact, China was able to manufacture their own knock-off stealth jet fighter, after the data on F-35 stealth jet fighter was leaked through a defense contractor. This made the world realize that making software more secure is more important than anything else.
Dick Cheney, the Vice President of the United States, is known to wear a pacemaker, and a hacker once demonstrated that the pacemaker could be hacked to malfunction, by manipulating the software that moves the pacemaker.
The packaged software or solution is offered to users through many channels and steps, and even if a piece of software were certified to be genuine, no one knows what kind of Trojan Horse or malignant code is hidden inside. When developing a large-scale IT system, hundreds or thousands of people get involved in the development process over the long-term. How could one make sure that no Trojan Horse or malignant code is inserted at any stage of the development or that no inexperienced developers are writing the code without any error at all
In order to make sure that the software is secure, the U.S. federal government, including the Department of Defense, Department of Homeland Security, National Security Agency, etc., are concentrating upon the development of Software and Supply Chain Assurance, which will guarantee the security of a piece of software and that the guaranteed software will be distributed safely through a supply chain that features authorized channels and procedures. The U.S. government has put the top priority on ensuring the reliability of software and strengthening its industrial competitiveness, and that there is an officer in charge of cyber policies performing the role of control tower through NSC/NEC. Korea must also start establishing a system of assurance by which the software developed in the country is guaranteed for security and the supply chain will be maintained in a good way.
