Archive | Uncategorized RSS feed for this section

Avionics Engineers: Plan your September Travel to San Diego for America’s Largest Development Conference: DASC 2019 !!

8 Jun

Fellow Avionics Engineers – you likely know last year’s Digital Systems Avionics Conference (DASC) in London drew hundreds of engineers.  This year 2019 is in our own backyard of San Diego, Sept 8-12.  Dozens of technical presentations, plus ½ Day Tutorials on Aviation Systems ARP4754A, Avionics Safety ARP4761, Cyber-Security DO-326A, and Software/UAV’s for DO-178C.

Yes, “on the water” of San Diego’s Mission Bay with ½ price hotel rooms available for a couple more weeks – bring the family and plan your vacation around this one.  I am, so see you there!

Click Here for DASC 2019 Info:

New Cyber-Security in Aviation LinkedIn Group and record Cyber-Security Class Attendance in Munich

17 Mar

New Cyber-Security in Aviation LinkedIn Group has started (join below), and big Kudos to AFuzion’s Mr. Aharon David teaching a large Aviation Cyber-Security DO-326A / ED-202A full-day course at Europe’s largest aviation event: Aerospace Tech Week in Munich last week.

Aharon’s cyber-security expertise was enjoyed by a large group of class attendees who learned about aviation’s newest requirements for Cyber-Security.  Demand was so strong that seven more classes are added for 2019 including Madrid, Italy, and DASC/San Diego.

For a free copy of AFuzion’s 20-page technical Aviation Cyber-Security paper on DO-326A and ED-202A, click here: Click here for AFuzion’s 20-age Tech Whitepaper on Aviation Cyber Security

To join the new Cyber-Security in Aviation group on LinkedIn, please click here: Click To Join Free Cyber-Security in Aviation or Engineers/Managers LinkedIn Group


Aviation Cyber Security & DO-326A: The New 2019 Mandates

15 Jan

Aviation Cyber Security will be perhaps the largest new development affecting all avionics developers and aircraft integrators for 2019.

Are you ready?  If not, read below for a free technical 1-hour tutorial webinar on February 7th and also training in Munich at Aviation Tech Week on March 12, 2019. To sign up for the free Feb 7 webinar, click here:   Click Here To Watch 1-Hour AFuzion DO-326A / ED202A Aviation Cyber-Security Webinar/Recording

To register for the March 12 Munich Aviation Week Aviation Security Training, click here: Aviation Security 1-Day Training Info & Registration Munich March 12

Aviation Security – it’s imperative in 2019 to develop an understanding of what is required for new avionics/aircraft development and operations via the new mandatory DO-326A/ED-202A documents.

The DO-326A/ED-202A set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)”, a.k.a. “Cyber Threats”, and which were explicitly excluded from the classic DO-178/ED-12/ARP4754 set.

DO-326A/ED-202A & DO-356A/ED-203A focus upon type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. Their companions DO-355/ED-204 focus upon security for continued airworthiness. DO-326A/ED-202A currently has 3 (three) companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A, and a few more planned. DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers.

The DO-326A/ED-202A set currently applies to fixed-wing aircraft (Part 25), with clear FAA recommendations for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23),rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35), and clear indications of it will increasingly being applied to these other aircraft including military beginning in 2022 or thereafter.

DO-326A/ED-202A is “Airworthiness Security Process Specification”, used to mitigate effects of intentional electrical equipment intrusion, a.k.a. “IUEI” (Intentional Unauthorized Electronic Interaction) which could impact aircraft safety. DO-326A/ED-202A currently has 3 (three) companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A (see below for detailed information) , and a few more planned. DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers. Currently, DO-326A/ED-202A only applies to larger commercial aircraft, greater than 19 seats, hence is for Part 25 fixed-wing aircraft, however – clear FAA recommendations already exist for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23),rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35). AFuzion’s participation in various committees and client work indicates DO-326/ED-202 will increasingly be applied to these other aircraft including military beginning in 2022 or thereafter. DO-326A focuses upon type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. See DO-355/ED-204 below which focuses upon security for continued airworthiness.

Avionics and aircraft manufacturers need to address both developmental and operational aspects of their aircraft/systems. This ecosystem of secure safety within aviation development and operation focuses upon prevention of malware entering the avionics systems while they are being developed or data-loaded, and also during flight operations where such malware (or external hacking) could alter intended aircraft operations and safety.

As their titles suggest, ED-201 serves as the top-level “WHY” guide for the entire information security process. DO-326A/ED-202A define the “WHAT”, including risk assessment for ARP4761A; DO-356A/ED-203A comprise the “HOW” – more or less the “security-companions” of DO-178C/ED-12C et al; DO-355/ED-204 are the “WHAT THEN” – feeding to ARP5150; and the new ED-205 is for the ground (CNS/ATM, e.g. companions to DO-278A), more or less the “security-companions” of DO-278A/ED-109A, et al. Where the base aviation guidelines (DO-178C, DO-254, DO-278A, ARP4754A,…) suggest safe and verifiable engineering processes, the aforementioned security-related documents provide guidance and rules which augment those engineering processes for security intrusions and extend through aircraft operations. For DO-326A / ED-202A Guidance, DO-326A Training, DO-326A Mentoring, or DO-326A Gap Analysis, contact AFuzion.

For information on private DO-326A Training and ED-202A Training, see the AFuzion training page for more details here: AFuzion Cyber Security Training Info Click Here

Santa, All We Want For New Year 2019 is … Seven More Avionics Engineers!

4 Jan

OK, time for honesty:  did everyone get what they wanted from Santa Claus ten days ago?!?   Yes, Santa was good for everyone here at AFuzion Inc. with our record-breaking year doubling last year’s $ results.  But one thing (actually seven things) were missing from under the Tree … yes, Engineers.

You see, we’ve been steadily increasing staff here the past five years to keep up with our growing business in 25 countries.  At our December planning meeting, we actually wrote a letter to Santa asking him ” Santa, please bring us 9 more engineers. To start work Jan 7, 2019.”  Really.  Now folks, all of us either have children, know children, or are still children.  My kids even say I’m just a big child during the holidays.  We BELIEVE in Santa Claus. (Santa, are you listening?)  When we were kids, we usually got some of what we wanted.  But this year, Santa only brought us two engineers.  2.  T-W-O.    Santa, can you spell “N I N E”?  As in “9”.  We asked for 9.  We got 2.

Santa, do you not do math at the North Pole?  When Susie or Johnnie ask for a new bike, do you simply bring them one tire?  Yes, the two engineers you brought were great. Really.  Truly.  Top 10% of their field which is our minimum standard.  Thank you Santa.  But again we asked for Nine.  We got TWO …

Santa, if you are listening, we won’t tell anyone if you secretly make another trip to our chimney and bring us seven more engineers.  Yes, these are for the USA so must be USA citizens.  Yes, these are for the western USA so hopefully they want to live in Los Angeles, Phoenix, or Dallas.  Please Santa, if you can’t bring the engineers directly to us, please just send us their contact info or CV to our email at  Otherwise Santa, we’re going to spread the word that you sleep in funny red pajamas and live off cookies, milk, and … reindeer meat.  Santa, really.  Lay off the reindeer – just send us great Engineers please. ASAP!!!

Yours truly,

All the Engineers (Elves) at AFuzion Inc.

AFuzion Releases All-New Requirements Whitepaper for DO-178C, DO-254, and ARP4754A Software, Hardware, and Systems

20 Dec


AFuzion Inc. today announces the free availability of its newest technical whitepaper: “Requirements for Safety-Critical & Avionics Software, Hardware, and Systems”.  Previously available only to AFuzion’s 300+ clients, this latest paper is now available for free download from AFuzion’s whitepaper page.   Says Jeff Stevenson, AFuzion’s Business Manager:  “When AFuzion was smaller, we did business with 30-40% of the world’s avionics companies. But now the majority of them are AFuzion’s clients and our  technical papers are so widely distributed it only makes sense to make them fully available to all engineers worldwide.  The key is Safety, combined with efficiency and quality, so we’re adding a little year-end Holiday Cheer and making AFuzion’s latest paper publicly available.”

Adds Vance Hilderman, AFuzion’s Chief Technical Office and the author of this paper: “System, Software, and Hardware requirements are truly the key to safety-critical project success.  As we have taught 20,000 engineers in our AFuzion courses, Requirements development, management, and refinement are the true keys to project success. ARP4754 System requirements, DO-178C software requirements, and DO-254 hardware requirements development is both a science and an art. This paper describes how to build better systems faster and cheaper via Requirements.  Few things in life, or in aviation, are simple. But that truism is.”

This latest AFuzion paper is 14-pages filled with detailed information on creating, managing, refining, and validating requirements. Remember, verification means “does the implementation meet the requirements”, whereas validation asks “and do we have the ‘right’ requirements”.  This AFuzion paper shows why Validation is more important than Verification because without the right requirements, it is largely irrelevant if they are then verified.  Indeed. 

AFuzion has created perhaps the world’s largest library of technical whitepapers for safety-critical and aviation development. AFuzion’s decade’s old papers are still distributed by former employees (with the author’s name accidentally removed and replaced), but all AFuzion’s latest papers are freely available to clients.  Anyone is allowed to download up to two papers for free, so no reason to refer to the decades-old versions passed around elsewhere. 

For a free download, simply click here or go the AFuzion website under Whitepapers: Click Here For Free AFuzion Whitepaper Download

AFuzion Launches New CAST-32A Multi-Core Processing Training

18 Nov

AFuzion’s new CAST-32A Multi-Core Processing for Avionics and Safety-Critical developers has launched with strong acclaim. The future of embedded processing is via multi-core processors as the need for added processing power has surpassed the ability of CPU’s to keep up. However, multi-core processors utilize shared cache, shared memory, and shared communications I/O. This sharing between the MCP cores produces potential interference which can violate the very “determinism” requisite for certifiable safety-critical systems. For example, avionics DO-178C and DO-254 require adherence to CAST-32A recently updated by the worldwide Certification Authorities Software Team (CAST).

CAST-32A is the worldwide (America, Europe, Asia) Certification Authorities Software Team (CAST) guidance for ensuring safe implementation of Multi-Core Processing (MCP) within avionics systems. Increasingly MCP’s are used in avionics and understanding what must be done to plan for, implement, and verify deterministic “safe” MCP development via CAST-32A is the focus of this AFuzion 2-day private training course. Attendees will understand how to utilize multiple-cores providing simultaneous operations using deterministically shared resources such as cache, memory, and communications and performing MCP CAST-32A Interference Analysis. Attendees will also learn how to work with RTOS vendors and RTOS’s themselves to comply with CAST-32A and develop safer avionics.  For a free technical whitepaper on CAST-32A, download here: Click Here for Free AFuzion Technical Whitepaper “Understanding CAST-32A


CAST-32A is increasingly relevant to avionics developers but users find it vague and challenging to understand. AFuzion’s 2-day CAST-32A Training teaches attendees how to properly understand, deploy, and verify MCP-based applications. AFuzion’s training was recently provided with our industry partner Lynx Software to 45 senior MCP developers in Huntsville Alabama and it was a resounding success; all the attendees stated it was highly worthwhile and crisply delivered to provide a true practical understanding of CAST-32A deployment for avionics via DO-178C and DO-254. AFuzion’s CAST32A training syllabus is summarized below, with full details at AFuzion’s website,



  • CAST-32A Introduction
  • Summary of DO-178C, for Multi-Core usage
  • RTOS Introduction & Scheduling, Processes, Tasks, and Threads
  • MCP What & Why
  • DO-178C & MCP – Plans, Standards, Activities
  • CAST-32A MCP Robust Partitioning Principles
  • RTOS Specifics – Technical Info
  • DO-254 & MCP
  • MCP Cert, Deadlines, Benchmarks & Reports
  • Overview: IMA, ARP4754A, ARP4761 & MCP
  • IMA & CAST-32A Modules and Partitioning
  • DO-178C’s & MCP Requirements, Design & Verification –
  • MCP & CAST-32A Best Practices for Planning, Testing, & Certification
  • MCP & CAST-32A WCET Mistakes & Best Practices

Can Multi-Core Processing Be Safe? Maybe … (CAST-32A)

3 Oct



Yes, you are busy and in today’s world you want immediate answers to important questions. “Is Multi-Core Processing safe?” The quick answer: “It can be, but …”. The slightly less quick answer: read the next few paragraphs. The proper answer: review CAST-32A or listen in on the free technical webinar on October 11, 2018 (sign up here: free but limited to the first 500 signups and these always are oversubscribed: Free Multi-Core Technical Webinar Signup: )

For safety-critical systems, a key facet of safety is “determinism”, via apriori planning, development, verification, then safety certification. But Multi-Core Processing (MCP) achieves faster processing by performing multiple activities at the same time, in parallel, by allocating tasks to different processing cores which are all embedded on a single processor. Today, your computer or cellphone likely uses MCP. Why MCP? Simple: we want our devices to do more and to do it more quickly. We’re slowly reaching the point of diminishing returns on silicon density technology where we’ve blissfully followed Moore’s law via improved processor fabrication and faster clock speeds. The answer: put multiple processing cores on a single chip and enable use of shared resources (memory, cache, etc.) to enable faster “parallel” processing (where actual “parallelism” is determined by both the application developer’s architecture and the task allocation model, including operating system).

But just as free lunches are rarely “free”, MCP isn’t fully “free”; certainly not for safety-critical systems where that pesky “Determinism” attribute is important. Just five years ago, MCP was considered to be so dangerous it was indirectly “banned” by worldwide aviation authorities. But those authorities are too smart (clever?) to actually “ban” a technology, so they published a document named CAST-32 which essentially stated “MCP could be used if the developer could prove all cores were disabled except for one”. Wait – if you disable all cores except one, then you don’t really “have” MCP, do you?!? Who knew the advanced certification experts had a great sense of humor. Now, when disabling three out of four engines on a four-engine airplane, you’re essentially flying a heavier single engine airplane with worse performance characteristics than a true single engine aircraft. Same with disabling all the cores on a multi-core processor. Brilliant.

And then, voila, technical evolution meets Today: the new update to CAST-32, aptly titled CAST-32A, allows for true MCP usage in airborne safety-critical systems. But the new MCP lunch isn’t free: we now have to prove determinism within the MCP including its innermost secret (intellectual property) workings. This means we must prove predictable memory and cache usage without interference. The burden of proof is on the user and typical users don’t understand (and don’t have access to) the real-time operating system (RTOS and MCP internal design to enable such proofs. Affirming MCP determinism is not trivial and you almost certainly need a certifiable MCP RTOS to enable MCP certifiability.

In the software certification world, there is an interesting relationship between OOT and MCP. Yes, both acronyms have three letters. But the real similarity is in utilizing safe subsets. Example: true C++ was not fully usable 15 years ago until rules for safe object oriented technology via defined language subsets (MISRA C++) were formalized. The result was that full C++ cannot be used without rules limiting its usage (for example, restricting the use of inheritance, polymorphism, overloading, and garbage collection). Similarly, full MCP usage will be difficult to prove deterministic usage so limitations simplify MCP acceptability; those limitations include core/task allocation models which greatly reduce potential interference paths between cores. So, a certifiable MCP use-case is there and becoming clearer. To make it very clear, simply watch the free AFuzion technical webinar at the link provided above. Or watch it anytime later via the AFuzion free technical training webinars posted on YouTube here: AFuzion Free Technical Youtube Webinars.

There you go: quick answers for you busy engineers. But we’re never too busy to be safe so keep your cores deterministic.

Safe Skies,

Cheers, Vance Hilderman (CEO AFuzion Inc.)