We Don’t Know How to Build Safe Software

On Oct 29, 2018, Lion Air flight 610 from Jakarta to Pangkal Pinang crashed into the ocean, killing all 189 people on board. On Mar 10, 2019, an Ethiopian Airlines flight from Addis Ababa to Nairobi crashed, killing 157. Equipment on both flights was the Boeing 737 Max. Within days of the second crash, airline regulators around the world grounded all of these planes.

Details are now starting to emerge about the design, certification, training, and software used in these troubled aircraft. Gregory Travis, who has been a pilot for 30 years and a software developer for 40 years, writes a scathing indictment of the many compromises and mistakes made to bring this aircraft to market. It’s a great read for both aviation enthusiasts and software developers.

We have collectively learned how to design tangible objects to be safe, when required: buildings, cars, airplanes, even hover boards. We have devised systems and protocols for testing and validating these physically designed objects. We build in healthy safety margins.

Our practice, methods, and rituals in software lag far behind these proven design patterns in the physical world.