Many s/w project spend big % in debugging mode possibly because developers started with fuzzy, missing and incorrect requirements. We used to do fixed-price project by talking the time to estimate each activity using the triangle distribution and PERT. It worked very well and each party was kept happy. People underestimate software size.
Some areas (process control, telecom) have reference models and developers create new applications based on these models. Unfortunately, most developers tend not to use proven reference models and prefer to be creative and craft a new solution even though _it_has_all_been_done_before (one of Achilles' heels of CS?). Analogical; reasoning is not on the radar screen.
A large subcategory is all sorts of vending/gambling machine with various hardware/ security/national laws etc. (an ACL application).
In the past I used to design and set up VAX/VMS (best OS ever) networks with 1000 users in oil/gas. Security was important and we used the seminal Reference Moniitor
http://h41379.www4.hpe.com/doc/84final/ ... l#acl_part
Later I generalised it (==> the category Access Control Systems
) to all kinds of systems and software architects I trained used it with great success.I actually spoke to one about this very topics
And there are architects who do not know/want to know RM and just develop their own model which in mot cases is not completely correct.
constructing software system is like constructing an interlocking set of mathematical proofs -
CS is not there yet IMO, (you don't learn it at uni). Maybe more like Lego assembly with plugs and sockets.