Tag Archives: do-178C

New DO-160 Avionics Testing Technical Whitepaper by AFuzion – Free Download

7 Jan

AFuzion has released its new DO-160 Avionics Testing Whitepaper, available today for free download here: Click Here to download AFuzion’s DO-160 Technical Whitepaper – Free.

Do you know DO-160?  Here’s a quick summary; simply download AFuzion’s free technical DO-160 paper for details.

DO-160, “Environmental Conditions and Test Procedures for Airborne Equipment”, applies to virtually all commercial avionics systems and many other forms of airborne equipment. In the case of DO-160, the title is quite revealing, as DO-160:

  • Pertains to environmental testing, not logic execution or developmental processes
  • Provides explicit, independent test criteria which must be attained to achieve equipment certification
  • Applies to airborne equipment and expected worst-case environmental conditions which could potentially be encountered during aircraft operations

 

Essentially, DO-160 mandates tests which prove the equipment will continue to operate as desired in worst-case environmental conditions which could potentially occur in an aircraft. The purpose of which is safety, whereas commercial aspects are not important to DO-160 per se. Some people fondly call DO-160 the “Shake And Bake” test regimen, because early DO-160 testing was based upon subjecting the hardware to extreme vibration and temperature conditions. But DO-160 has always been more than “shake and bake” and the most recent versions introduce many additional forms of testing including pressure, salt, water, RF, magnetism, lightning, and many more environmental conditions.

Before proceeding further, please ponder a little quiz …

  • T / F:   DO-160 applies solely to electronic hardware.
  • T / F:   DO-160 can be used to measure service life and MBTF.
  • T / F:   DO-160 testing is typically performed simultaneously to performance and functionality testing of the hardware/software logic
  • T / F:   DO-160 is predominantly concerned with temperature and vibration testing.
  • T / F:   DO-160 is a static document and rarely updated.
  • T / F:   DO-160 testing should all be performed on the same piece of equipment.

 

Do you know all the answers? A couple of them are tricky, but reading AFuzion’s full and free DO-160 paper will help.

 

 

DO-160 has a long pedigree. While the first version was released in 1975, it is derived from DO-138 which dates back to 1958, making it one of the older aviation certification documents still applicable today, albeit in its latest revision. Although many of the other “DO” documents pertain to specific aspects of hardware, software, systems, and processes, DO-160 is often considered the grandfather since almost all these systems must ultimately pass DO-160 testing.

 

DO-160 is essentially equipment environmental testing to Minimal Operational Performance Standards (MOPS), where testing is to be performed in a certified laboratory environment with certified & calibrated equipment. Such a laboratory environment means the tests are objective, standardized worldwide, and repeatable. Typically these tests are performed at testing centers which are independent of the design, though larger companies may have their own dedicated DO-160 test environments. Non-certified laboratories or equipment are useful ‘engineering tools’ to increase design confidence and decrease actual certified laboratory test time. The successful conclusion of a DO-160 test campaign is an accepted Test Report (desirably, but not necessarily with all ‘pass’). A well-written Test Report is not a trivial task, and in this context would include the certified laboratory(ies) and a list of the test articles, which includes the calibrated test equipment. The DO-160 testing would follow a previously written and customer accepted Test Procedure, being referenced in a Test Plan.

For DO-160 Training or additional information, click here or contact AFuzion: AFuzion’s Avionics Development Training – Info & Contact Click Here.

For a quick 1-minute video to understand how to close your avionics development gaps, click here: Click upper right video link here for AFuzion’s Gap Analysis 1-minute video

7 x 7 x 7: 7 Avionics Development Tips from 7 AFuzion Developer’s 7 Months in Japan

5 Mar

 

Seven AFuzion avionics software engineers recently completed a 7-month assignment in Japan on the new Mitsubishi Regional Jet.  What are the top 7 avionics software DO-178C and DO-254 hardware tips they learned?

Says Mr. A. Morita (AFuzion’s Japanese Client) “We are very pleased to acknowledge the success of AFuzion’s expert engineers and DER’s.  Half the work needed to be done onsite in Japan and the AFuzion engineers were very hard working and productive. The other half could be done offsite by AFuzion in USA and it was good also. Our engineers traveled to California and worked in AFuzion’s Los Angeles offices; it was very nice and productive. The AFuzion avionics engineers gave us DO-178C training and also DO-178C and DO-254 best practices.  The AFuzion DO-178C gap analysis was good and helped us understand the gaps.  Our only wish is that we engaged AFuzion sooner as we could have save even more money and time.”

 

Mr. Jack Jones states “I managed the onsite AFuzion Japan engineers plus three of our DER’s and was there for the entire 7 month engagement.  It is really a pleasure working with the Japanese as they are hard-working and diligent.  The Japanese culture is well-suited to successful avionics because DO-178C and DO-254 require diligence, skill, and plenty of checklists; we used the new 2016 AFuzion DO-178C and DO-254 checklists and they’re really great – note the lessons below.  I think we’ll be seeing much of Japanese aviation and avionics engineers in the future – we’re quite impressed and as you know AFuzion engineers aren’t easily impressed.  At the successful conclusion, we were.”

 

Here are the top 7 avionics development tips from AFuzion’s seven developers in Japan for seven months:

#1).  Understand that aviation and avionics are not “all-new” developments, but that there is much legacy foundational work.  While DO-178C and DO-254 seem to “presume” all-new custom development, the truth is that most avionics projects are upgrades to existing legacy systems and a combination of previously developed hardware/software, and reverse-engineering applies.  Read CAST-18 about Reverse Engineering for avionics (request a copy at www.afuzion.com or download the Top DO-178C Mistakes whitepaper at http://afuzion.com/do-178c-best-practices-for-avionics-development/ which further explains).

#2)  Go back and focus on requirements.  For system requirements, be sure to apply ARP-4754A but understand ARP-4761.  Get ARP-4754A training or at least read up on it (for a free introduction, just download and read “Understanding ARP-4754 Introduction”: http://afuzion.com/arp-4754a-introduction-avionics-systems/ )   Be sure to address Safety requirements and prove your Systems engineers reviewed this and QA audited it (note:  this wasn’t done when AFuzion first showed up onsite so we quickly had to rectify that)  Go back and add more detailed DO-178C and DO-254 requirements.  Address derived requirements explicitly.  Use a detailed requirement review checklist (request a free copy from AFuzion if you don’t have one).

#3.  Get good DO-178C training, ARP-4754A training, or DO-254 training.  If you can afford outside trainers, just Google and find the best (that’s easy – AFuzion’s engineers did the world’s first 30 years ago and have trained over 12,000 worldwide; over 1500 in just the past year).  If you can’t afford outside training, read the books on DO-178C and DO-254 and download the recent whitepapers (most were all written by AFuzion but AFuzion’s old ones are available from Atego and HIghRely; best to get the new ones (all free from AFuzion) and compare with the old ones our engineers wrote 15 years ago which are nicely still provided by Atego and HighRely – you can see how much avionics has changed in those 15 years and how NOT to do things by reading the latest versions; only available from AFuzion).  Also for free: a one hour seminar on DO-178C Mistakes – watch here for free:  https://attendee.gotowebinar.com/register/7350945891265140228

 

#4.  Qualify your test tools.  When AFuzion’s team first arrived in Japan, the engineers there were working hard re-reviewing all the code and tests manually, repeatedly.  Everything was changing and the amount of time spent on re-reviews was enormous. We taught them how to instead perform DO-330 tool qualification to avoid re-reviewing all the code and tests repeatedly. This alone saved our client over $500,000 in those seven months and probably $2-3M over the future lifetime.  If you don’t know how to do DO-330 tool qual, just download a free Do-330 Tool Qualification paper here:  http://afuzion.com/do-330-introduction-tool-qualification/

 

#5.  One great reviewer is better than many good reviewers. When we arrived in Japan, the well-intentioned customer engineers had 5-10 reviewers at every peer review.  Massive overlap but also some gaps. Instead, use professional checklists (AFuzion has the world’s latest and most thorough DO-178C checklists and also DO-254 checklists; not just the old rehashed open-source checklists from Boeing’s D6 document which everyone else sells, but real all-new DO-178C and DO-254 checklists).  Train reviewers to do complete reviews; if you can, use Agile DO-178C methods and CMMI review methods.  Make sure you capture the transition criteria for reviews and that QA audits those review transition criteria.  And always use one great, responsible and accountable reviewer instead of numerous weak reviewers.

 

#6.  Do a DO-178C gap analysis and DO-254 gap analysis.  Leverage 60-70% of your existing work and artifacts and keep them!  No need to change. But understand the gaps and close them.  If you can afford it, engage a professional gap analysis like this one:  http://afuzion.com/gap-analysis/    If you can’t afford an outside gap analysis, get training and do your own.  At least understand common mistakes and avoid those.  For example, here’s a free paper on how to avoid common DO-254 mistakes:  http://afuzion.com/do-254-top-mistakes-2/    But remember to keep review records of your reviews (again our Japanese client had great reviews but simply didn’t have great records to prove that).

 

#7.  Reward productivity.  Some engineers are 500% more productive than others.  Because they’re smarter?  Probably not – our Japanese client engineers were all exceptionally smart.  But teach productivity and reward it.  Make competition fun.  We gave weekly “bonus recognition” awards of a trip for two to the local sushi house on Saturday – many pounds of tuna were indulged in engineers who increased their productivity. At the end, everyone was much smarter, more productive and really enjoying work; three of our engineers will remain through 2017 and likely beyond. (AFuzion’s Jack Jones will remain in Japan only half-time so soon able to write many more technical articles – thanks Jack for all your many successes in Japan!)

Fall 2016 Important Avionics Development Dates: Conferences, Webinars, & Training

23 Aug

 

Important Avionics Development Dates – Fall 2016

 Avionics Conferences, Webinars, & Training 

 

Sept 13-15, 2016:  FAA Bi-Annual Certification Conference, Dallas Texas USA.  (Limited to 350 Attendees)        Info & Register :  www.faa.gov

Sept 14-16, 2016: Software Safety for Airborne Systems Conference, Berlin Germany.                                      Info & Register: http://www.avionics-system-safety.com/

Sept 26-27, 2016: Public DO- 178C Training via SAE, Hartford CT USA:                                                               Info Request: vance.hilderman@afuzion.com

Sept 29, 2016: Free Technical Webinar 10 a.m. EST: “Managing Safety-Critical Requirements” – Jama Software & AFuzion. Register:  http://go.jamasoftware.com/developing-safety-critical-system-requirements-best-practices-registration.html?utm_source=afuzion

Oct 13, 2016: Free Technical Webinar 9 a.m. EST:  “How To Fail (and how NOT to Fail) at Airborne Software Development”   Register: https://attendee.gotowebinar.com/register/6879917310589589249

✔ Oct 25-26, 2016:   Electronic Valley Aviation & Avionics Development Conference, Ankara Turkey.              Info & Registration: http://www.ev-seminars.com/seminar2016

Nov 14-15, 2016: Public DO-178C Training via SAE: London UK.                                                                            Info & Registration: http://sae-europe.org/aerospace-training-week/

 

DO-178C Top Success Secrets – Free 1 Hour Recorded Webinar by AFuzion Inc.

31 Jul

DO-178C Top Technical Success Secrets – Free 1 Hour Recorded Webinar

This free recorded DO-178C webinar details the top 10 DO-178C & ED-12C secrets,  particularly focused on FAA & EASA compliance. Increasingly DO-178C compliance is being required worldwide, and not only for the commercial aircraft it was originally intended for: helicopters, UAV’s, military aircraft, satellite systems and more must comply with DO-178C. The veracity of industry myths will be discussed along with best practices for cost-effective DO-178C implementation. The Top 10 technical success secrets for typical software development activities will be detailed along with details on Best Practicess.

Attendees Will Learn:
* True intent of DO-178C by senior engineers with 100+ years of DO-178A, DO-178B, and DO-178C experience
* Common DO-178C compliance gaps which worldwide Certification authorities focus upon
* Best practices of the world’s top avionics companies by engineers who have worked for 95 of them
* Top DO-178C mistakes, and how to avoid them, by the world’s #1 DO-178C trainer

Presenters
This webinar will be facilitated and presented by Mr. Brian Foley, Mr. Vance Hilderman, and Mr. Jack Jones, all affiliated with AFuzion Inc and BRiFO. Their experience encompasses most phases of aviation software development over the past forty years.  Mr. Hilderman is the principal author of the world’s most popular books and papers on avionics development; his DO-178 training and Gap Analysis, first copyrighted in 1989 after Hughes Aircraft (Hughes Fellow), has been provided to over 10,500 engineers in 35+ countries; in the past 25 years he has provided more DO-178 training than all other trainers — combined.

Who Should Attend?
Aviation personnel including Engineers, Managers, Safety, Software, Test, Systems, Quality Assurance, and Proposal engineers.

Access this free 1 hour technical DO-178C webinar here:  https://attendee.gotowebinar.com/register/7350945891265140228

For additional information on DO-178C Training, go here:  http://afuzion.com/avionics-safety-critical-training/

For additional information on DO-178C Gap Analysis, go here: http://afuzion.com/gap-analysis/

For free DO-178C whitepapers, go here:  http://afuzion.com/avionics-safety-critical-training-whitepapers/

AFuzion Launches World’s First ADS-B Training for Avionics Engineers

28 Apr

 

AFuzion Inc has developed the world’s first ADS-B training course intended for avionics engineers and managers.  Selected by Aviation Electronics Europe to provide this training to paying students, AFuzion taught the ADS-B class to engineers from over 14 different worldwide companies in Munich, Germany on April 21, 2016.  The full-day ADS-B course provided students with basic knowledge to deploy Automatic Dependent Surveillance – Broadcast avionics systems.

AFuzion’s ADS-B class covers:

  • Background and technical context of ADS-B; what is really involved.
  • Ins and Outs of ADS-B: how to leverage ADS-B “In” and ADS-B “Out” in avionics solutions
  • Why is ADS-B mandatory, and what are costs versus benefits?
  • Today’s versus Tomorrow’s ADS-B solutions: how will avionics evolve for ADS-B?
  • Top ADS-B development risks and how to certify ADS-B for EASA & FAA
  • Applying ADS-B Best Practices

 

In 1989, AFuzion’s founder Vance Hilderman brought the world the first public avionics training for DO-178A. By 1997, his personally copyrighted DO-178B training had been provided to over 1,000 engineers worldwide.  By 2004, that number had grown to 3,500 avionics engineers training in DO-178B and DO-160. By 2012 he had personally taught over 7,000 persons and today he has provided his long-time personally copyrighted avionics development training regimens to over 10,500 engineers worldwide.

Attendees at Munich’s ADS-B training had this to say about this world-first training on April 21, 2016:

“I want to thank you for two day excellent training and making this expo fun, “truly” not “surely” ;)”   Olivera J.

“I had a great day yesterday! Thank you very much for some good insights on ADS-B.” Werner W.

“Your course was very interesting for me to get the whole picture on ADS-B, as I’m up to now was mainly  digging on details in some of the standard documents you have mentioned.”  Dr.  Manfred S.

“It was really a great presentation, smooth and easy to understand.”  Jamal N.

Evening Vance and thank you again for another great day of learning.” Andrew R.

I would like to thank you for the presentation you delivered today. I found it very interesting, which can be a tough task when discussing ADS-B. “   Anthony H.

More ADS-B Facts and information on AFuzion’s ADSB Training:

 

In the 1940’s, “radar” was introduced to aviation with great results. For 70 years, radar-based aviation ruled the skies, both on the ground and in the air. While still useful, GPS and satellite-based position information is vastly more capable than radar:  Automatic Dependent Surveillance – Broadcast (ADS-B) uses GPS and satellites to determine aircraft position and broadcast that position to the world, in real-time.  ADS-B will soon be mandatory world-wide; it will promote better aviation safety and situational awareness while opening up myriad business and technological solutions to aviation …

 

Avionics manufacturers and aviation data suppliers worldwide have jumped on ADS-B for two reasons:  government mandates and business opportunities.  Government mandates ADS-B equipment to improve aircraft safety and reduce physical separation between aircraft to mitigate congestion. But ADS-B promises new business opportunities for aviation suppliers, just as personal computers and the internet did for consumers decades ago.

 

This fast-paced course is intended for aviation professionals seeking a better understanding of the “Ins” and “Outs” of ADS-B:  how it works, why it’s mandatory, what it means, and technological aspects to maximize success.    ADS-B from the ground up is described, literally, beginning with ground stations and receivers/transmitters.  The role of GPS and satellites is described, along with avionics requirements to meet the ADS-B mandate.  The new ADS-B “In” capability is described along with the potential for supplying fee-based data services to aircraft and the opportunities such entail.  The facts you need to succeed with ADS-B are presented in this one-day course.

 

Additional information on AFuzion training can be found here:  http://afuzion.com/avionics-safety-critical-training/

 

Keynote Speech: Top 2016 Aero Trends

12 Jan

At a recent Keynote address, AFuzion CEO Mr. Vance Hilderman presented his “Technology Forecast: Top Trends for Aerospace” in a fast-paced 25 minute presentation to a full house at Electronic Valley in Ankara.   Tailored for Turkey, he also posed a brief quiz to test the listener’s knowledge and forecasting ability.  Will Mr. Hilderman’s predictions prove True or False, Prescient or Whimsical?  You decide.   Listen to his Keynote Speech here as you plan for success in 2016.

 

 

ElectronicValleyKeynoteSpeechTitleSlide-1page

Hardcopies of the Keynote presentation are available by request at the following AFuzion url:  http://afuzion.com/contact-2/

 

 

DO-178C Costs versus Benefits

23 Dec

A new DO-178C Costs versus Benefits whitepaper has been published by AFuzion Incorporated’s Vance HIlderman and is available for download at http://afuzion.com/avionics-training/whitepapers/do-178c-costs-versus-benefits/

This 10-page technical whitepaper provides actual facts on DO-178C Costs along with DO-178C development metrics. The author shows how initial DO-178C deployment can readily add more than 100-150% to development, while experienced avionics development teams experience much lower initial incremental costs of 25-40%.

Many users complained of added costs associated with DO-178B, and DO-178C streamlines some of those costs but offsets others with increased rigor.  Truly, DO-178C is never cheap, certainly not on the first project.  And in clear cases outlined herein, DO-178C can increase costs above DO-178B, which already increased costs by 20-40% itself.  But is DO-178C really “too” expensive? Doesn’t it actually reduce costs over DO-178B for companies who were doing it “right”? Does it reduce long-term costs at the expense of increased development cost? Will it improve safety and reliability and if so, to what degree? Exactly what benefits are received from complying with DO-178C?  In what areas is DO-178C more expensive than DO-178B? These important questions are answered in this Vance Hilderman Whitepaper.

 

DO-178 has increasingly evolved into the de-facto standard for virtually all forms of commercial avionics except for experimental aircraft.  In the past decade, DO-178B and now DO-178C are mandatory for most Military avionics.  The new DO-178C made both minor and major changes; costs will definitely increase for those users taking shortcuts with the former DO-178B.  However, DO-178 possesses attributes common to all safety critical domains: planning, consistency, determinism, thorough documentation and testing, and proof of the preceding attributes. Truly, DO-178 relies upon significant verification (reviews, tests, and analysis) to assess avionics quality. However, avionics quality comes from a quality process, design, and implementation, not just from testing.

The full 10-page DO-178C Costs Versus Benefits is available for free downloading at http://www.afuzion.com

Additional technical aviation and avionics development whitepapers are available at:

http://afuzion.com/avionics-safety-critical-training-whitepapers/

 

 

 

 

DO-178C Level C Clarification

25 Jul

DO-178C Level C Clarification – A Synopsis excerpt from Vance Hilderman’s private technical research.

“There has been much controversy, in fact more than a few arguments, in the normally staid avionics engineering community, about DO-178C’s alleged requirement  to greatly increase the amount of testing required for Level C (and even Level B) software.   And some have said that DO-178C will require performing MCDC coverage analysis on Level C software.  Is it true? No:  DO-178C does not require MCDC coverage for Level C software; however a closer look at the facts is necessary to understand that DO-178C will force more detailed requirements for Level C  (and Level A and B) software; therefore more test cases of those requirements will be necessary which thus emulates a portion of the added testing normally associated with MCDC.  A closer analysis of the facts is warranted …

First, it should be note that this topic is partially addressed within the book “Avionics Certification – A Complete Guide To DO-178 & DO-254” which has sold thousands of copies (all royalties are donated to charity directly by the publisher, Avionics Communications Inc, the world’s largest publisher of avionics related technical materials. Vance Hilderman, the principal author of that book states:

“The DO-178 book chapter on this topic is limited in scope and like all books, simply cannot be ‘all things to all people’. The book is meant as an overview, as it was generally written from the DO-178 Training  I developed during my 2004-2005 sabbatical. MCDC (rather Modified Condition Decision Coverage) is a formally required objective for DO-178C’s Level A software. In an all-too-brief synopsis, MCDC structural coverage attempts to affirm that each source code statement has been verified to ensure that each condition within that statement properly, and independently, affects the outcome of that statement (with the intent to correlate such conditions to the underlying requirements). More details are provided in my DO-178C Verification Whitepaper, but here is an extract:

As an example, consider the following logic:

Park_ Status  =  (Engines_Off  &&  Brakes_Set )  ||   (Weight_On_Wheels  ||  Parked_Discrete);

Clearly, the True/False value of Park_Status is a function of four conditions:

Engines_Off

Brakes_Set

Weight_On_Wheels

Parked_Discrete

Each of the above four conditions can independently affect the value of Park_Status.  Level A requires MCDC coverage, meaning a minimum of N+1 test cases where N equals the number of conditions. Therefore, there are clearly sixteen possible test cases (2**4) for the above line of code and Level A requires execution and analysis of at least five of them (N+1, where N is the number of conditions).

Now, Level C merely requires statement coverage, meaning each statement must be executed. Therefore, it could be implied that only one of the sixteen possible test cases require execution for Level C. So, which is correct: does Level C require just one test case for the above line of code? Two test cases? Three test cases? Four test cases? Or five test cases?  Can you simply decide for yourself?  The answer requires a true knowledge of the intent of DO-178.

First, DO-178C Level C requires both high- and low-level requirements, and verification of those requirements, with the intent that such low-level requirements cover normal operating conditions and algorithms.  Both high- and low-level requirements must be written, uniquely identified, traced, and verified (reviewed and tested). The above logic block is clearly a normal operating condition expressed via an algorithm.  Ideally then there should  have been low-level requirements (note the plural form) describing the above logic, prior to actually writing that logic.  Note that I use the term “logic” instead of software, since realistically the implementation could have been either via software (executing in a CPU or microcontroller), or via firmware in silicon (more properly termed Complex Electronic Hardware  (CEH) which is implemented via an FPGA, PLD, or ASIC, for example).  Under DO-178B, the objective was to ensure all major logic blocks were associated with requirements, typically low-level requirements.  But did DO-178B formally require such?  No, however thorough, and good, engineers took DO-178B’s intent to heart and wrote more detailed requirements than was minimally necessary, then performed more functional (requirements-based) testing than was minimally necessary.  Those thorough and good engineers are rewarded under DO-178C by having very little additional work to do.  However, those doing the least amount of work allowable under DO-178B will find themselves needed to have more detailed requirements, and thus more test cases, under DO-178C than they previously were able to get away with under DO-178B …

For the above example, the high-level requirements could state “The capability shall be provided to determine the plane’s parking status based upon the status of engines, brakes, weight-on-wheels, and parking mode.” A corresponding low-level requirement  might be “Parking  Status shall be set to Parked when the engines are off and the brakes are set.”  Another associated low-level requirement might be “Parking status shall be set to Parked when both the plane’s Parked discrete is set to Parked and its  weight-on-wheels status is positive.” (Note:  for extra credit, please find the error in the logic, based upon the aforementioned requirements … and THAT is why you must do code reviews to the traced requirements, and test reviews to the traced requirements!).

If the low-level requirements were not completely elucidated like the above, or if the software verifier missed the intent of such low-level requirements, then test cases could potentially be missing on a Level C project. In that case, any combination of the four conditions which yielded a Park_Status of True would satisfy the DO-178C Level C structural coverage objective.  And such could be rationalized under the seemingly innocent claim that “this isn’t a life-critical Level A or B system, since it’s designated Level C”.  And there’s the paradox:  by fully verifying properly elucidated Level C requirements, many or all of the MCDC test cases normally reserved for Level A would be executed via Level C.  And that is a good thing. But it is simply not required. Remember:  DO-178C has five distinct criticality levels, even though everyone recognizes that systems, and the aircraft, would be safer if we simply developed all logic to Level A standards. The five different criticality levels are provided simply because “not all systems are created equal” in terms of contribution to flight safety.

Level C systems or components are not as critical to flight safety as their Level A or B counterparts.  Should your requirements standard and verification plan require such stringent verification for Level C?  “I personally believe so”, states Vance Hilderman. Does DO-178C mandate such?  “Not specifically, however ‘good practices’ imply such”, explains Vance Hilderman.” It should be noted that DO-248 makes a modest (though universally acknowledged as ‘weak’) attempt to further explain this; however, any avionics veteran knows that DO-248 applies to DO-178B, not DO-178C.”  Will Level C software be more reliable under DO-178C than under DO-178B? “Level C software will have more detailed requirements under DO-178C than most developers employed for DO-178B; thus there will be more test cases for Level C software required under DO-178C than there was for DO-178B.  However Mr. Hilderman notes “Testing software does not directly improve its quality; rather testing assesses software quality and it is that assessment which can be used to improve quality.  Also, avionics systems Design Assurance Level (DAL) plays a large role in system reliability, since Level B software is 100 times more reliable than Level C, due to the architecture of the system (usually mandating redundancy for Level B to achieve the requisite 1 x 10-7 reliability factor versus Level C’s 1 x 10-5 value.

<This section deleted from this general-distribution synopsis.>

This is but one of many “gray areas” which DO-178C helped to illuminate but still left open for interpretation within individual projects. There are many criteria by which projects adhere to DO-178C criteria, and the certification authorities or oversight entities have the responsibility to clarify on a case-by-case basis for each project.  For more details, contact Vance Hilderman directly.