Crackdown targets 'unsafe' systems

Secret government paper leaked to silicon.com...

The UK's Health and Safety Executive (HSE) is planning a crackdown on 'unsafe' software, in a delayed reaction to the date-change chaos of 18 months ago. In a discussion paper obtained by silicon.com, the HSE admits it has no legal power over software packages and calls for legislation to force suppliers to ensure that software "is safe, so far as it is reasonably practicable, when it is being used for its intended purpose at work". The new law would hit suppliers, consultants and contractors working in the transport, medical and manufacturing sectors. The HSE hopes a criminal law will be a more effective deterrent for integrators than the fear of being sued for damages. But the Computer Services and Software Association believes the changes are unnecessary and will damage business. Tim Conway, director of industry affairs at the CSSA, said: "Most software companies already follow very stringent processes and quality standards. "If the legislation proposed promotes higher standards of duty of care and liability, it would affect the competitiveness of the UK for these types of systems." The HSE proposals are a reaction to the concern over the millennium bug, when experts warned that defence, medical and transport systems would grind to a halt. The paper's author, Steve Ives, writes: "This is a real issue as it was clear from the millennium date change issue that manufacturers and suppliers, despite knowing that there was scope for problems with software driving safety critical applications, failed to supply safe and suitable software." The HSE is keen to crack down on poor documentation, upgrade faults and the failure to keep software up to date. It has already contacted other EU member states and has discovered this loophole in safety law is Europe-wide. A spokeswoman for the HSE said: "We can't second-guess the law. We can only act on our advice, and we need to put software producers on the same level as manufacturers." Conway said: "I don't see the necessity of a new piece of legislation. It raises the spectre of placing the UK at a higher level of risk and liability than elsewhere."