DO-178B
DO-178B is the standard for developing avionics software-intensive systems, jointly prepared by the Radio Technical Commission for Aeronautics (RTCA) safety-critical working group RTCA SC-167 and the European Organization for Civil Aviation Equipment (EUROCAE) working group WG-12. An overview of DO-178B follows below.
Clients rely on CSL to assess their compliance with various safety-related standards to satisfy regulatory requirements, reduce risk, or gain market recognition for their products.
Among these different standards, DO-178B stands as one of the most highly regarded in terms of software dependability.
With up-to-date knowledge of the latest technology trends and directions with regard to DO-178B, CSL provides clients with:
Gap analysis of a system against DO-178B certification objectives
Roadmap to make a product or system DO-178B certifiable
Support in achieving product certification alongside the client
Soon to come: Roadmap to transition from DO-178B to DO-178C
While this standard was developed for the purpose of certifying airborne software, it can be used as a basis for reviewing any kind of software developed for use in a safety-critical system. In particular this standard has influenced critical software methodology in domains such as defense, nuclear, automotive and medical. CSL also provides clients in non-avionics industries with:
Best software development practices learned from DO-178B
As a member of RTCA SC-205, CSL contributes to the development of the next version of this international standard, known as DO-178C. Within this committee, CSL participates mainly in a subgroup responsible for updating DO-178 to accommodate advances in verification methodology for critical software systems, including the use of mathematical techniques known as "formal methods".
RTCA DO-178B overview
DO-178B is the standard for developing avionics software-intensive systems, jointly prepared by the Radio Technical Commission for Aeronautics (RTCA) safety-critical working group RTCA SC-167 and the European Organization for Civil Aviation Equipment (EUROCAE) working group WG-12. The B version of this standard was issued on December 1st, 1992.
The purpose of DO-178B is "to provide guidelines for the production of software for airborne systems and equipment that performs its intended function with a level of confidence in safety that complies with airworthiness requirements."
In short, this external standard provides guidelines for the development of software with highly deterministic behaviour that conforms to its specified requirements.
The guidelines are in the form of:
Objectives for software life cycle processes.
Descriptions of activities and design considerations for achieving those objectives.
Descriptions of the evidence that indicates that the objectives have been satisfied.
DO-178B then defines software levels according to the severity of the failure condition that an error in the software could contribute to, from highest to lowest. These are:
Software Level | Failure Condition | Failure condition interpretation in the aircraft / aviation context
A | Catastrophic | prevents continued safe flight or landing
B | Hazardous / Severe-Major | potential fatal injuries to a small number of occupants
C | Major | impairs crew efficiency; discomfort or possible injuries to occupants
D | Minor | reduced aircraft safety margins, but well within crew capabilities
E | No Effect | does not affect the safety of the aircraft at all
For each software level, DO-178B identifies a specific set of objectives that must be satisfied:
Level A – 66 objectives
Level B – 65 objectives
Level C – 57 objectives
Level D – 28 objectives
Level E – none
The objectives are cumulative across levels: the set required at a lower level is a subset of the set required at the next higher level, and level A adds only a single objective beyond level B. Furthermore, depending on the level, some of these objectives have to be met with "independence" as explained in the standard, meaning that the verification activity is performed by someone other than the developer of the item being verified.
All these objectives are described in more detail in Annex A, Tables A-1 to A-10 of the standard.
Levels A and B are difficult targets from a technical standpoint and can consume a considerable amount of resources.
Level C is more accessible: its number of objectives is close to that of levels A and B, but fewer of them must be met with independence and the verification objectives are less demanding (for example, structural coverage at level C is statement coverage, whereas level B requires decision coverage and level A requires MC/DC). Organizations beginning to use this standard usually target level C conformance as their initial goal.
Why use DO-178B ?
A recognized standard…
Considerable and valuable effort has gone into the creation of this standard from a wide range of contributors originating from a variety of organizations. Thus this standard does not reflect the view of a single company but is a collective agreement on how to build reliable software. Elements and considerations of this standard have been reviewed and validated over several years of industry practice.
Another indicator of the quality of this standard is the care the committee takes before changing any section of the document. CSL, as a member of this committee, can bear witness to this carefulness.
…but not a software safety standard
DO-178B does not describe how to assess safety risk. Instead, it takes as input the results of a system safety assessment process performed according to ARP4761, which assigns the software level, and uses that level to determine the rigor required to achieve confidence in the behaviour of the software.
Moreover, this standard is a dependable-software standard; it is not a software safety standard per se. However, dependable software is an essential cornerstone of the safety process. While DO-178B does not directly ensure the safety of the system, a high level of confidence that the software performs its intended function is a key enabler for the effective safety analysis of a software-intensive system.
DO-178B "Software Considerations in Airborne Systems and Equipment Certification" and DO-248B "Final Report for Clarification of DO-178B" are available directly from RTCA at http://www.rtca.org/. DO-248B sheds light on areas and terms used in DO-178B that are not defined in detail and can be open to interpretation. It also contains a number of Frequently Asked Questions (FAQ) that relate directly to DO-178B; these FAQ clarify the intended meaning of some textual portions of DO-178B.
