"reviews of flight code need to be, "How can this crash the plane?"
well... it IS the case, in theory.
The quite old DO-178b standard define 5 levels of dev process, from the "A" level (a failure may lead to a plane crash - Most of embedded software is rated at this level) to the "D" level (no real impact - Usually used for the maintenance software which is allowed to be used only in the hangar - And yes, the bootstrap preventing the use of such software in flight is A-level).
The "E" level is a bit special, as it refer to any non-DO software (quite rare actually. Even In Flight Entertainment softwares are classified as level C or D, as a failure of those will lead to additionnal work for the cabin crew : passengers are usually quite nervous when faced with a BSOD in a plane, i wonder why...)
Practically, due to budget constraint, the software activities are subcontracted by the "stamper" to the "best" (AKA lowest) bidder. The one with the cheap right-out-of-the-school graduate.
Me? I'm on this turf since 1999...