Professional Documents
Culture Documents
DO-178B Pub Talk
DO-178B Pub Talk
Page 1 of 8
“I can solve your problems in the DO-178B software development,” I offered. “We’ve
run the DO-178B lifecycle successfully several times. We know the challenges – and the
solutions.”
“That’s what I’m hoping,” confided Ron. “Our business has never really succeeded in
DO-178B development. We’ve had DO-178B certification as a stretch goal for several
programs, but it has always been overcome by events. This time, DO-178B certification
is a top-priority requirement, and I need your help to spool me up.”
DO-178B in a Nutshell
I jumped right into my DO-178B elevator speech.
“DO-178B is all about ensuring safety in your critical airborne system development. You
achieve that by meeting the objectives of the software life cycle processes, capturing your
development plans and performance requirements, and proving – with documented
evidence – your success in satisfying those objectives.”
“What makes it different from other software specifications?” Ron asked.
“We often construe DO-178B as a specification that demands compliance. However,
DO-178B is a guideline, not a specification. As a guideline, ‘compliance’ is an
ambiguous characteristic. It is often said that our development process must meet the
‘objectives of DO-178B’. Stating it as a guideline instead of a specification does not
necessarily relieve the developer of responsibility. Quite to the contrary, satisfaction of
objectives is much less verifiable than compliance to specifications. Therefore,
satisfaction of the DO-178B objectives is dependent on the subjective assessment of the
FAA certification authority. In most cases, the development team works with a
designated engineering representative (DER) that ascertains fulfillment of those
objectives. Since fulfillment is based on the subjective interpretation of the DER, a
consultant that has successfully satisfied DER interpretations can add tremendous value
to the program planning and execution.”
Page 2 of 8
involving a commercial and a military aircraft?” I replied. “If commercial aircraft are
going to be exposed to an environment where military aircraft are also present, then the
military aircraft should meet the high level of system and software safety considerations
for commercial aircraft. Otherwise we are exposing the commercial passengers to added
dangers.”
“You know,” Ron snickered, “we used to relate military and commercial aircraft safety
standards by comparing the flow of money. Passengers pay to fly commercial aircraft;
military personnel get paid to fly theirs. That’s why there were always stronger safety
and reliability standards in commercial aircraft.
“So now we are making a transition to adapt our processes to be more aligned with the
objectives of DO-178B,” continued Ron. “That’s why I brought your team on board to
do the software development. I needed someone who knows the path and can teach us
the way. Essentially, you’re our trail guide.”
“Trail Guide Vince reporting for duty,” I remarked with a military salute. “That’s not
uncommon. Component developers in the aerospace industry need to focus on their core
competencies. Let the guys whose core competency is safety-critical controllers deal
with the DO-178B guidelines. Lately, that has been a big discriminator for my business,
and many system integrators have called on us for similar support.
“Companies that have not developed applications to DO-178B might use small, low-risk
projects to learn to deploy DO-178B processes. Other times, they use larger projects in
order to lock-in management support. There are risks in both of these cases. Smaller
projects do not have the budget for a large undertaking as a first-time deployment of DO-
178B practices. Large projects take on a heavier risk with any significant process
change. DO-178B defines a life-cycle process, and mistakes made early in the program
can haunt your throughout development. We’re fortunate that we are focusing on DO-
178B objectives right from the start.”
“Look, I don’t need any more ghosts haunting my program!” exclaimed Ron. “We need
to stay straight from Day 1.”
“No matter what project is chosen as the launching program for DO-178B, the company
is taking on a huge risk of the unknown. Enter the DO-178B consultant,” I stated with an
exaggerated professional tone as I straightened my shirt collar and tie. “Leverage
experience managing DO-178B compliant software development throughout the entire
software life-cycle. We’ve fought the battles and won the wars. We know what works
and what doesn’t. Our battle strategies and tactics are proven, and we know the trail to
victory.”
Page 3 of 8
paused to gain Ron’s focused attention, “… you have to walk the trail yourself. I cannot
carry you.”
“If you beat down the trail, I’m sure my software team can march through,” continued
Ron. “I want you to facilitate the process. Show us how to develop the SDP, the PSAC,
the SSPM, the SQAP, the SCMP, and all those other DO-178B documents. But my team
knows the way we do business, so don’t push your standard processes on us.”
“I’m with you, Ron. In fact, most of the technical content of these documents we need to
develop are already active in your organization. We just have to capture the process,
align it with the DO-178B objectives, and fill in any gaps. We should review your
processes and help you lay them out in an SDP. Then we can do a gap analysis to
compare any deficiencies between your process and the DO-178B certification level we
want to achieve. I can help you fill in any holes and make your processes robust enough
to satisfy the DO-178B objectives for the criticality level of the project.”
Ron shook his head with a worried look. “So you’re going to bury me in process, aren’t
you?”
“Absolutely not!” I stated, trying to restore Ron’s confidence. “DO-178B development
does not have to be a lot of process, and it does not have to be an overwhelming,
nebulous monster. The intent of DO-178B is to develop safe software, not necessarily to
generate documentation. We’ll use the documentation guidelines in DO-178B Section 11
to facilitate your safety review, development process and verification analysis.
“From a development perspective, you have to say what you are going to do; do it as you
say; and prove that you did. Verification is a little more effort because not only will we
do normal range and robust requirements-based testing, but we will also do structural
coverage testing of the code. We’ll use checklists and structured processes that will help
us prevent things from falling through the cracks.”
“So you’ll keep a watchful eye on us to make sure we implement a robust process and
follow it precisely?” asked Ron.
“Yep, that leads into another great value our team can provide – we can help you meet
your independence objectives of DO-178B.”
“I’ve heard about that,” Ron smirked. “That requires that the person who does the
verification is different than the person who does the development, right?”
“Pretty much so,” I confirmed. “The basic idea is to remove any single point failures in
development. We need to eliminate the ‘Frankenstein Syndrome’ and get the ego
involvement out of the developer’s creation. Innovators are horrible judges of their own
work. Even if they create a monster, it is still hot-stuff to them. That’s why developers
are the worst reviewers of their own work. They need to get independent input. My team
can work with your team throughout development and we can verify each other’s work
against the requirements. This will prevent misinterpretations from causing failures
down the line.”
Page 4 of 8
“Well, I certainly am looking forward to your help facilitating our process and verifying
our work,” welcomed Ron. “This software project is a big mountain ahead of us, and the
fear of it has been keeping me awake at night.”\
“Sleep easy, Ron. You don’t have to move that mountain. We’ll help you climb over it.”
Page 5 of 8
“We need to build your own process,” I agreed, “because in the end, you need to
maintain development. It's your process, so if you don't know how it works, you will
never be able to maintain your products.”
“I’m glad you feel that way, Vince,” Ron commented. “At first, I was worried that you
were going to insist on using processes and documentation from your previous programs
– but not just because we are unfamiliar with them. I was more concerned that my
proprietary information that I am investing heavily in would become more tools in your
bag of tricks to show your next customer – which might be my competitor.”
“Good consultants put a high value on professional integrity,” I affirmed. “If you don’t
feel confident that they are looking our for your best interests, tell them ‘Sayonara’.
Ethical consultants are worth their weight in gold. Unethical ones will cash it in.”
Page 6 of 8
The SSPM and SDP are unique to the developing organization and to the development
project. Many software consultants will gladly assume such a lucrative role that gives
them full reign of your processes. This can be a cash-cow, evergreen business for them,
especially if you become fully dependent on them. Don’t let that happen. It will result in
a butchered software development process and long-term dependence on the consultant,
since you’ll have minimal development of your own capabilities. Take advantage of the
consultant’s expertise to develop you team’s in-house capabilities in your industry.
“Finally,” I stated, “use independent technical reviews of your processes and products to
minimize software problems. In DO-178B processes, downstream problems become
extremely expensive simply because of all the rework they produce. In fact, the rework
often produces more problems. It costs about $75 to produce a line of code, and about
$2000 to fix it. Forty percent of software development time is spent debugging problems.
Concurrent technical reviews catch the problems when the fix is least expensive. Your
DO-178B consultants provide you a vehicle to support those independent reviews
throughout the program.”
“Wow, it really sounds like you got your arms around this software development
process!” Ron exclaimed.
“Hey, we’ve been around the block a few times,” I smiled. “That’s what makes us good
consultants. Software consultants don’t develop capabilities by studying methods. They
develop them by living them.”
Page 7 of 8
References:
Freedman, Daniel and Weinberg, Gerald. Handbook of Walkthroughs, Inspections and
Technical Reviews. Dorset House PublishingL New York. 1990.
RTCA/DO-178B/ED-12B “Software Considerations in Airborne Systems and Equipment
Certification”, RTCA/EUROCAE, December 1992.
RTCA/DO-248B. Final Annual Report for Clarification of DO-178B "Software
Considerations in Airborne Systems and Equipment Certification".
Additional Information:
Author Bio :
Vince Socci, founding principal of On Target
Technology Development, is a proven leader in
technology planning and development, project
management, product development, and technical
venturing. He has developed products in various
industries, including aerospace, automotive,
information technologies, and manufacturing. As
Chief Engineer, Mr. Socci has led successful software
product development life-cycles to meet the objectives
of DO-178B Level A. He has managed several major
product development and production programs and
has implemented business and technology strategies
for many new ventures. He facilitates product
development and project management courses for the State University of New York and
the University of Phoenix. Mr. Socci holds an MBA in technology management, and MS
and BS degrees in electrical engineering.
Copyright – All materials are copyright of Vincent P. Socci
Contact – Vincent P. Socci, Principal, On Target Technology Development,
vsocci@ontargettechnology.com; phone (607) 755-4980; fax: (607) 755-4981
Page 8 of 8