
In such a case the Avionics Engineer (or whoever's actually designing the flight worthiness and characteristics of the overall system) would produce a white paper that fully describes the operational limits of the system under various conditions. Such a white paper (and its attached references alone) should be enough to create a fully working simulator; it would also be what is used by the software engineer to confirm that the model they have made behaves within anticipated limits; and it would probably also require human review (pilots in the sim, running against the real software with simulated inputs).

That's the TYPE of thing I expect to happen in this context.

And how, exactly, did the software engineers at Boeing stray from this hypothetical process, one which is not used in any specialty?

The job of the software engineer is to correctly implement the given spec. As far as anyone knows, that was done.

There is no one, in any industry, that wants their software engineers to say "I'm not moving forward until I've seen the validated medical testing and lab results that this design is based on. I will also need you to run a several year safety trial, provide multiple attestations that the design is correct by end users, regulators, and independent auditors, before proceeding."

What you are suggesting is ridiculously impractical. The specialties rely on one another, and if the controls and human factors people have signed off on the design spec, that's what the software engineers should faithfully implement. During implementation, if it becomes apparent that there are states the system can get into that are not called out in the spec, that obviously requires re-engagement. But that's not what you are suggesting, as far as I can tell.
