Skip to Main Content
The self-regulation of critical products doesn't work - certification by overseeing bodies is necessary. As software invades more areas of everyday life, certification of systems containing software is increasingly important for governments, industry, and consumers alike. Even if an organization isn't worried about safety, it must consider the consequences of using mission-critical software that isn't certified or qualified as fit for purposes. The US Sarbanes-Oxley Act of 2002, for example, imposes stringent requirements on companies' financial IT systems. Many standards bodies and licensing authorities describe attributes of processes by which software should be developed to meet certain standards or certification criteria. However, a good process on its own doesn't necessarily result in high-quality software. Standards and certification processes should be primarily product-focused rather than process-based to raise the certainty in evaluation of software reliability. Evaluations should be based on direct evidence about the product's attributes, not circumstantial evidence about the process.