Actually it isn't necessary. Unlike bridges, very little software is safety critical. Clients don't need to try to distinguish good from bad software development, they can just require a certain level of performance and reliability in the contract with clear financial penalties for failure.