Why Trustworthy Software Is Essential for Industrial Safety

In a world where corporate trust is increasingly hard to earn, industrial organizations face even higher stakes. Unreliable software can lead to costly downtime, intellectual‑property theft, and, in extreme cases, loss of life.

Recent reports show a surge of interest in trustworthy software, especially for the Internet of Things (IoT). The stability of the digital economy depends on people and businesses confidently using computing technology. Yet, as the National Institute of Standards and Technology noted in 2016, trust is now more fragile than before.

Several leading organizations now make trustworthiness a core mission. The UK‑based Trustworthy Software Foundation, founded in 2016, promotes best practices. The Linux Foundation’s Project Alvarium, launched last year, explores mechanisms for trust in heterogeneous systems, including IoT deployments. The Industrial Internet Consortium (IIC) actively champions trust in industrial IoT.

Outcomes to Avoid

Bob Martin, co‑chair of the IIC’s Software Trustworthiness Task Group, warns of the consequences of deploying untrustworthy industrial software. He cites the 2004 incident where a software bug caused air‑traffic‑control systems in Southern California to shut down, diverting 800 commercial flights for over three hours. Other notable failures include a radiation‑therapy machine that caused fatalities in the 1980s and a 2007 power outage in Tempe, Arizona, stemming from a vendor engineer’s misconfiguration.

Martin stresses that “real systems in the industrial IoT space can expose you to errors that you wouldn’t want on your résumé.” With the explosion of connectivity, many new professionals are designing critical processes without fully understanding the risks.

Creating a Common Trust Language

Trustworthiness in industry covers safety, security, privacy, reliability, and resilience. According to the IIC, trustworthy software must endure environmental disturbances, human error, system faults, and cyber‑attacks.

Simon Rix, product strategist at Irdeto, explains that achieving this requires a lifecycle‑wide approach. “You must embed security from the outset and automate it,” he says. Rix also highlights the challenge of aligning business and technical stakeholders, urging a “translation key or Rosetta Stone” to bridge differing perspectives.

Frameworks Provide a Starting Point

While frameworks can help stakeholders discuss trust, Martin notes the term’s variability can hinder action. The first concrete step is to install controls that secure both safety and cybersecurity. However, these measures must be continually audited, warns Chester Wisniewski, principal research scientist at Sophos. He cautions that even robust technologies like the Advanced Encryption Standard can be misused if not properly applied.

Another pitfall is neglecting the software’s lifecycle. Martin advises distinguishing between “end of support” and “end of use.” Even if a vendor stops supporting a product, it may still function. Therefore, contracts should secure source‑code rights for critical software.

Ultimately, understanding software in the real world demands long‑term focus. “Software is not magical; it reacts, interacts, and sometimes needs replacement,” Martin concludes.