"Why do software-related failures occur? In part - and I would claim in large part - it is because those who develop such systems are not trained in basic software development," Knight told a meeting of the BCS Safety-Critical Systems Club.
"They can often produce software that provides certain basic functionality, but they fail to understand or are completely unaware of topics such as the crucial importance of specification, the difficulties that arise in concurrent programs, the limitations of testing, the effects of rounding error or the lack of timing predictability in processors."
Knight said that whereas other engineering disciplines are supported by specific degrees - electrical engineers, for example, complete electrical engineering degrees - computing undergraduates typically receive only limited education in software engineering.
"To be a successful and responsible professional in safety-critical systems, a developer must understand the intricacies of a large number of fields, including real-time systems, formal specification and dependability assessment, among others. In a typical computer science degree these topics might only be options and a student would only be able to take one or two," Knight said.
Another problem with software engineering is that there is no agreed set of topics in which an engineer should be trained, Knight said.
In traditional branches of engineering there are well-established scientific principles to draw on. Civil engineers, for example, can use established data about the properties of materials to work out the strength of a structure.
Knight said software failures could not be eliminated totally. "Mistakes in software development will continue to be made, no matter how carefully the software is built, and failures will continue to occur: that is the way things are in engineering. But the current situation is unacceptable, and far worse than most people realise," he said.
The answer lies in proper training, and an appreciation of its limitations. "Ensure that those building safety-critical software are properly trained. Ensure they know how to apply the training they have. Ensure they understand the limitations of their training. Knowing the syntax of Java does not make someone a software engineer," said Knight.
"Just as in other fields where the consequences of failure are very high, ensure that practitioners are properly monitored by their colleagues, independent auditors and government regulators.
"The cumulative losses associated with software-related failures have become very high and the situation must be addressed quickly and effectively."