Software Certification

Air Safety Week,  Oct 31, 2005  

Recall the situation in which a Malaysian Airlines B777-200 experienced pitch-up as a result of faulty software, which prompted issuance of an emergency airworthiness directive (see ASW, Oct. 3). Pending a permanent fix, operators are told they should revert to previously installed air data inertial reference unit (ADIRU) software. The problem prompted us to wonder: to what level of criticality was the software certified? According to the FAA, the software was certified to the highest level, or critical.

The problem seems to be in the update regime (although the previous version also had problems). An original software system can be certified to the highest level, but what about changes, as in a new software release every year? Each release is essentially a new system; however, it does not have to be recertified from the ground up. So how does the regulator ensure that the software is of the same quality attained with the original certification? According to numerous software experts, it can't. Logically, one should go through the same rigmarole all over again, but that is problematic. Result: occasionally, parts of the system that used to work no longer do, as seems to have happened in the Malaysian Airlines plane.

Certifying Software

The FAA position on the B777's ADIRU software:

The relevant regulation, 25.1309, establishes the principle that the more severe the hazard resulting from a system or equipment failure, the less likely that failure must be. Failures that are catastrophic must be extremely improbable.

Advisory Circular (AC) 25.1309-1A, published in 1988, provides a method for showing compliance with 25.1309. To do so, it established three hazard categories of failure conditions, each with probability limits:

* Catastrophic failures

* Major failures (with a subcategory of severe major)

* Minor failures

The FAA and industry recognized that probability of failure cannot be established for software in the way it is for hardware, so a different method was developed for software to show compliance with 25.1309. This method is laid out in several standards jointly developed by industry and the authorities. The key document is RTCA DO-178 (and its European counterpart, ED-12). DO-178A, the version under which the Boeing 777 ADIRUs were approved, established three software levels, based on the "importance" of the system. Instead of using probability of failure, the software for more critical systems receives higher degrees of scrutiny and control in development, verification, and configuration management. These different degrees of scrutiny and control are called "software levels."

* Systems that are Critical - Level 1

* Systems that are Essential - Level 2

* Systems that are Non-essential - Level 3

DO-178A was subsequently revised (DO-178B) to correlate more closely with the failure-based approach of 25.1309, rather than using system criticality as the basis for establishing software levels. In addition, the three levels were broken down into five. To prevent confusion with the levels in DO-178A, they were redesignated with letters, rather than numbers:

* Catastrophic failures - Level A

* Hazardous (basically, the same as severe major) failures - Level B

* Major failures - Level C

* Minor failures - Level D

* Failures with no safety effects - Level E

AC 25.1309-1A is currently in the revision process. The most recent version proposed by the joint authorities-industry committee is called the "Arsenal" version. In this latest proposed version, the hazard categories are aligned with the software levels in DO-178B. The European Aviation Safety Agency (EASA) equivalent guidance, AMC 25.1309, already includes this realignment.

The Boeing B777 ADIRU was approved at DO-178A Level 1. This corresponds to Level A under DO-178B. Although DO-178B provided refinements to the methods, the safeguards provided by DO-178A Level 1 are similar to those provided by DO-178B Level A.

Source: FAA

[Copyright 2005 Access Intelligence, LLC. All rights reserved.]
