Accredited, industry-recognized certifications giving engineers the authority to stop projects that don’t adhere to safety standards have long been required in chemical, architectural, electrical, and other safety-critical industries.
So why not for software?
In this show, we talk with Trace Bannon, senior principal, software architect and researcher at MITRE, and Dan Wittliff, who in 2006 started chairing the software engineering licensure consortium under NCEES (National Council of Examiners for Engineering and Surveying). Then, starting in 2019, he chaired the software professionals task force for the National Society of Professional Engineers, out of which came a pilot exam for Systems Software Integrators (SSI), focused on secure development and integration across the software product supply chain.
Interview can be found here.
During this interview, Trace and Dan talk about the need for critical software product companies to train and certify at least one software engineer, giving that engineer the authority to stop or approve products based on their security profiles.
“States have not yet implemented licensure for software engineering, but there’s movement within the government and military software engineering space that is pushing this forward,” Trace explains. “So, you’re going to see RFPs from government asking about this role, that will impact their decisions on software products.”
Dan reiterates that even though state-by-state licensing requirements haven’t come to pass, “We still need an independent way to ensure the employer of that person is licensed to do the work of a systems software integrator.”
He explains how software engineers, including himself, Trace and many others, have spent thousands of man-hours working out a basic framework for generalized certification and training that, once accepted, can be customized for specific safety-critical verticals.
“One of the pieces of feedback we got from employers of developers, engineers, and integrators was they did not have a means to validate this person’s experience or credentials. What we’re creating is a national and transportable certification that would speak to these needs across the globe,” Dan adds.
Dan and Trace describe the years of training, coursework and apprenticeship that go into the making of a truly qualified certified software engineer with the clout to stop or approve projects across the product supply chain, and how the role will enhance and feed into the movements for Bills of Materials (SBOMs and other related forms of BOMs). They also describe some of the requirements under a newly minted Software System Integrator (SSI) training and certification program available under the National Institute for Engineering Technologies (NICET) and at some select universities across the U.S.
But their work is far from done, and there are plenty of opportunities for specific vertical industries and individual expert software engineers to get involved.
Resources and links:
Tracking regulatory compliance in critical software products
NIST’s Workforce Framework for Cybersecurity (NICE Framework)
MITRE Supply Chain Security System of Trust Framework
Meeting functional safety requirements during software development