@mr_widget It's interesting to look at what the FDA is doing re: software that could kill device users. At a high-level, I understand that (1) They publish a set of software development guidelines. (2) They require device manufacturers to have similar processes in place and to provide paper trails. (3) They reserve the right to audit source code after an event and to pull the device off the market if their static analysis tools, e.g., can catch the flaw that caused the problem.
Unforunately, automotive industry is the wild west by comparison.