Software Helps Solve Some of Humanity’s Biggest Issues: and the Challenges that Brings

By Rod Cope, CTO, Perforce.

  • 1 year ago Posted in

A majority of the world's most significant innovations today — whether it is for transport, industry, energy, healthcare, or whatever — depend on software. Regardless of whether everyone agrees with them, the indisputable fact is that many of the recent engineering, science, and technological milestones and those in development right now would not be possible without software. That brings some huge collective responsibilities to ensure that software does its job safely and securely, particularly where human life is involved.

One area, in particular, is biotechnology, where more information is being digitised to speed up processes and new developments while reducing costs and errors. Similar to infrastructure-as-code, biotech-as-code is where knowledge is captured and made repeatable, scalable, and maintainable. Consequently, considerable traditional toil work is eliminated, enabling innovations to happen faster.

Biotech-as-Code

AI techniques are being used to predict protein-folding within DNA, which was, until recently, a seemingly impossible goal. However, DNA sequences can now be converted into code text strings, and analysis performed more efficiently, even if billions of characters are involved. As a result, scientists can observe patterns, repetitions, or relationships within that data, removing the need for years of manual lab testing. This has enabled scientists to not only better understand DNA but also possibly be able to fix defects, prevent diseases, implement reverse aging, and improve people’s memories.

The incredible work of Google DeepMind is worth calling out in this context, such as the AlphaFold project, which has shown the system the sequences and structures of approximately 100,000 known proteins. Now, the latest version of the system can predict the shape of a protein at scale in minutes, with atomic accuracy.

Similarly, in drug discovery, vast test volumes can be simulated using AI. Imagine seeing how millions of new drug compounds could work in the body, dismiss the majority of chemical combinations, and focus on the most likely candidates. Again, many tasks can take place long before testing in a physical lab where robots can mix chemicals and report on the results.

In addition, geography is no longer a limiting factor: there are already innovative start-ups helping surgeons remotely operate on patients using robotic arms and augmented reality.

Likewise, advancements in satellite-based telecommunications — again, software-dependent — could theoretically make high-speed broadband available to every citizen on the planet. Should the powers that be so chose, that would significantly contribute to developing countries.

Transportation and Energy

Far beyond electric and hybrid road vehicles, transportation as a whole has seen some of the most significant advancements in software and hardware. For example, battery-electric power is now being introduced to trains, replacing diesel fuel, which has huge potential to reduce carbon emissions. While still relatively recent, California has begun to roll out battery-electric trains.

However, it is not only modes of ground transportation that have seen advancements. Sea transport is set to benefit from electric power too. Toward the end of last year, the world’s first fully electric autonomous cargo ship set sail in Norway, with the potential to cut costs and air pollution. Furthermore, in September of 2022, Alice — the world’s first electric plane from Eviation — had its maiden flight in the skies above Washington state.

Investments in intelligent transportation infrastructure continue too. All these innovations depend on software in one form or another, from virtual prototyping and testing to the systems that keep everything running smoothly.

Those same investments in software that have benefitted intelligent transportation infrastructure have also made a substantial contributions to energy innovation. With the global energy crisis firmly embedded, the spotlight is on the need to accelerate the development of fossil fuel alternatives.

The race is on to have sustainable, large-scale fusion power within 20 years. This will require vast amounts of predictive modelling and testing, as well as R&D on a scale unimaginable without AI-driven software techniques and tools — many of which derive from the IT world.

Challenges

The impact of all these advancements is incredible, but there are some significant challenges to overcome, especially security and safety as human life is often involved. Computer crashes, for example, are not created equal : a game console failing — while an annoying inconvenience — is relatively quite minor; while a plane’s computer crashing is potentially a tragic event, so risk management has to be a priority.

Of course, there are multiple elements to ensure software safety and security, but since most vulnerabilities stem from the development stage, this has to be the starting point. If those mistakes are not identified and resolved, they could enable hackers to exploit those errors, which could lead to software malfunction or open the door for confidential data to be illegally sold on the black market.

Fortunately, many markets are already or increasingly compliance-focused, especially the automotive industry, which has been at the forefront of safety and security standards for decades. Autonomous and flying vehicles put even more scrutiny on software safety and security, and we are witnessing more high-tech start-ups entering this industry, so these requirements do not just apply to traditional organisations in this sector.

Many of the automotive industry standards mandate the use of coding standards, but even when they do not, the use of coding standards is on the rise. According to Perforce Software and Auto IQ’s report, the 2022 State of Automotive Software Development, 86% of the survey’s respondents use at least one coding standard in their development process.

Coding Standards

Coding standards can be thought of as sets of guidelines that capture many years of expertise from different people to help others write code that minimises ambiguity and error so that security and quality are inherent from the start of the software development process. Security-focused coding guidelines include the likes of CERT, CWE, OWASP, and DISA STIG.

Here is an example of how one might work: The CERT C Rule ARR30-C says, ‘do not form or use out-of-bounds pointers or array subscripts.’ An ‘out-of-bounds pointer’ vulnerability could be used by an attacker to overwrite an arbitrary memory location with an attacker-supplied address, resulting in arbitrary code execution and creating a vulnerability to be exploited.

Since coding standards can involve hundreds of different rules and cases of rules, they are typically used in conjunction with static analysis tools to reduce manual effort. Also referred to as static application security test (SAST) tools within a security context, these analyse software without actually executing the code.

The latest generation of these tools can find very complex defects that, traditionally, only dynamic analysis would detect. The advantage of this is that flaws can be found earlier, saving time, effort, and cost. Combined coding standards and static analysis tools also engender better coding practices and support compliance processes.

Free Software Security Resources

There are also many resources — often free — to create better awareness of some of the biggest and most current security risks. For example, the OWASP Top Ten lists the most common vulnerabilities in open-source software and web applications. Another resource is the National Vulnerability Database (NVD), which is US-managed but referred to globally and includes databases of security checklist references, security-related software flaws, and vulnerabilities.

A final but important point is creating the right mindset. Traditionally, security, compliance, and risk management have not been software development priorities. While that is changing, there needs to be more emphasis on being ‘security-first’.

Steps to take include ensuring everyone knows the risks, their role in mitigation, and greater visibility and traceability across the entire software development lifecycle. After all, knowledge is power. And, granular access to codebases is also essential, with people only having access to what they require to perform their jobs.

Challenge Accepted

We are on the brink of some massive innovations. That being said, what the next few years have to bring is hard to predict and — of course — is influenced by economics, politics, and other factors. Regardless, one thing is for certain: Software has a critical role to play in solving some of humanity’s biggest challenges, therefore it is paramount that safety and security are prioritised in the development stage.

Reference sources:

Google Deep Mind: https://www.deepmind.com/research/highlighted-research/alphafold

Alice electric plane: https://www.popsci.com/technology/eviation-alice-electric-plane-first-flight/

Battery-electric trains: https://www.wired.com/story/battery-powered-trains-gather-speed/

Battery-electric container ship: https://www.resilience.org/stories/2022-07-28/making-waves-electric-ships-are-sailing-ahead/

By Anugraha Benjamin, Manager, Infrastructure at Progress.
By Hans De Visser, Chief Product Officer, Mendix.
By Andy Mills, VP of EMEA for Cequence Security.