Software testing is changing, and fast. TrustInSoft’s first software assurance report, called ‘2025 State of Software Assurance Report’ and conducted in conjunction with Ferrous Systems and Hitex, shows that teams building critical systems are moving away from reactive testing and to something far more deliberate – to prove that bugs can’t happen at all.

The report provides a closer look at how engineering leaders across automotive, aerospace and embedded systems are recalibrating their approach to risk, compliance and software correctness. And while every team’s journey is different, the direction is unmistakable.

Memory safety is no longer optional

Engineers are signalling a shift in priorities: memory safety is now viewed as a prerequisite for mission-critical systems. Whether it’s protecting a powertrain controller or a flight system, development teams are designing in safety from the start rather than adding it on later.

Traditional tools have shown their limits, with static analysers indicating false alarms and bugs escaping undetected during runtime testing – all of which adding to developers’ frustrations. What’s increasingly required today is greater certainty, which can only come from tools providing exhaustive coverage, path sensitivity and formal guarantees, not just spot checks and heuristics. We are increasingly seeing formal methods, once considered niche, moving in. Techniques like exhaustive static analysis and mathematical verification aren’t just for academia anymore. As regulatory pressure increases and system complexity soars, increasingly teams are evaluating formal methods.

As hybrid codebases expose blind spots, we are seeing modern system programming languages like Rust gaining traction, especially where safety and performance are important. Rust focuses on safety, speed and concurrency, but it is rarely used alone, which can introduce errors. Legacy programming languages like C and C++ are well established and widely used, but when combining them, it can introduce new risks. The report captures developer concerns around such mixed-language projects, where existing test pipelines often fall short.

Compliance sets the pace

Equally, new industry standards are pushing software teams toward traceable, auditable testing processes, making it more than just a paperwork problem, but a technical one. It is also making tools that offer mathematical assurance more relevant than ever.

So, as this year’s TrustInSoft’s ‘2025 State of Software Assurance Report’ highlights, there is a pivot from detection to prevention. Teams are not just asking if software works, but whether it can fail at all. This is a trend that will define the next decade of software assurance.

The report also highlights another crucial aspect among developers: those most invested in testing are also the most frustrated with the status quo. They’ve hit the ceiling of what traditional approaches can do, seeking a difference from new ones.

Code coverage isn’t one size fits all

Many agree that, in theory, the more code coverage there is, the better, even though this is not always evident in practice. In practice there are many factors influencing outcomes, including testing maturity, legacy systems and hardware constrained environments.

Testing time and effort vary greatly depending on many factors in the code, making efficiency an ever-present factor when aiming to achieve quality and reliability. Different sectors are addressing these issues differently, and more can be learned from the report.

By Caroline Guillaume, CEO, TrustInSoft