by InclinedPlane 3914 days ago
Absolutely. But finances are pretty standardized, software is vastly more complex. Audits are a good idea, but it's an incredibly hard problem.
4 comments

That's true, and it isn't a hard problem. But note that audits are also a hard problem. Auditing teams don't go through and reconcile every transaction. They conduct spot checks of sample transactions and scrutinize controls, and aggressively follow up when any failure of controls is observed. I think a lot of those concepts could be applied to code audits.
I think a better approach would be requiring that developers (and their managers and testers etc.) working on software that could kill or injure people if it malfunctioned have some sort of a professional license, that would be granted and revoked similarly to how medical and engineering licenses are granted and revoked.
I'm not opposing this idea, but I'm not sure it would have helped in the VW case. There were some people (engineers? Managers?) who were cheating and they knew that what they were doing was wrong. I don't believe a license would have changed that.
Other people have raised the question of how well the prospect of losing a license would act as a deterrent.

One other aspect which might be even stronger would be if the professional organization had a role not unlike a union in protecting its members’ professional decisions. Imagine if you worked at VW and your boss told you to make a change which affected safety, emissions, etc. – how different might your reaction be if you know that if you refused or reported it to the appropriate regulators and there were repercussions the Bitpackers Guild could provide legal representation and expert witnesses for you, stage a strike where no licensed engineer would work for an irresponsible company, or simply ensure a lot of publicity? Suddenly it's not “go lean on Sally until she gives the engineering sign-off. She can't afford to quit until her kid's out of college” but “do we want a team of professional engineers to hold a press conference saying we're cutting corners over our experts' judgement?”

There are certainly potential downsides but … anyone who drives a car, uses medical equipment, etc. might reasonably conclude they're worth it, particularly if the system was structured to focus on transparency and due process rather than the pathology some unions are prone to where members are always defended even when they're in the wrong.

If a developer is asked to do something obviously wrong they might not feel they can refuse, because they can be replaced with someone willing to do it.

If an architect is asked to design a bridge that isn't safe they can refuse, secure in the knowledge they can't be replaced with someone willing to do it, as no licensed architect will knowingly design an unsafe bridge.

Of course, a licensing scheme would probably have a bunch of disadvantages.

Perhaps the threat of having their license pulled, thereby nullifying potential future employment, might have caused them to think twice about wilfully cheating emissions controls?
While the FDA may not be a great regulatory group, if someone at a pharmaceutical were found to cheat like this they could potentially be barred from working in the industry again. This works in some cases, at least in theory.
Perhaps the angle is that this would constitute ethical turpitude sure to cause loss of license and ejection from one's specialty.
While I don't agree with the license requirement, the least we could require is publication of the source code and validation by an industry body made up of subject matter experts for safety-critical code.
> some sort of a professional license

Sure, as per the construction industry.

Or perhaps simply the threat of being prosecuted for manslaughter or bodily harm, etc?

Maybe parent meant the software in finance, because that also requires external audits to some extent.
Even the possibility of an external source code, revision history, requirements, etc. audit would change working practices dramatically ... particularly if there were legal penalties against developers found responsible for introducing bugs.
There's no way in Hell that I will consent to be held responsible for the output if I do not have full control over the inputs.

If I am an employee of the company, and someone else is telling me what to do for my job, and particularly if they are telling me how to do my job, they must necessarily share responsibility for anything that I do pursuant to obeying those instructions.

And threat of retribution leads to stupid practices:

  public void CoverYourAss()
  {
    try
    {
      int x = 0;
    }
    catch
    {
      throw;
    }
  }
This is a simplified example of a real-world coding standard. At one of my former workplaces, everything had to be wrapped in a try-catch block, including statements that would only ever generate run-time exceptions, like out-of-memory exceptions. It didn't matter if you re-threw the exception you just caught. You just had to make sure the try-catch was there. In every function. Or you're fired. I am not making this up. If the software ever crashed to desktop for any reason, including a bad memory module in the computer running it, or someone nuking parts of the filesystem while it was running, or even a bullet striking the motherboard, someone was getting blamed for it on the development team, and fired. As it would be a witch hunt anyway, the inquisition squad would obviously look at the code written by those most threatening to them, or least popular, or both, before anyone else, and seize upon any irregularity to lay blame.

You'd better believe I was sending out resumes the day I found out about that.

I can only imagine how bad it would be if the penalty was to be fired plus arrested and/or sued.

But if there were a standard set of industry-specific tests that the program had to comply with, it's not like it would just be on you.
You really have to remove the incentive to cheat from the software group before the tests happen.

A defeat device does not get installed accidentally. It's not like a mutation propagating through evolution of living things. Someone decided to put it there, and someone got paid to do it. There was an additional requirement added, one that had no official test coverage. It was to increase fuel economy and produce more pollution when no one was paying attention to the emissions.

As far as the developers were concerned, they did everything right. They built the code their employers asked them to build. It passed the official tests. This was a triumph; I'm making a note here: "huge success!"

The developers worked for the automakers, not the testers or the public. They did what VW wanted, which was to game the system to make more money. You're not ever going to do more than start an arms race as long as the developer is taking orders (and getting hired or fired) by the guy who just wants to sell more cars.