Date: Thu, 22 Sep 94 12:30:09 PDT
Subject: Risky business
Forwarded-by: Chris LaFournaise <email@example.com>
From a talk given by Professor Nancy Leveson, Dept of Computer Science
and Engineering, University of Washington, on Software Safety &
Reliability (IEEE & ACM sponsored, 4/20/94):
* An F16 pilot was sitting on the runway doing the pre-flight and
wondered if the computer would let him raise the landing gear while on
the ground - it did...
* When initially developing the Sidewinder missile pylon mounting there
were a few problems. The software would release the latch and fire the
missile; initially, however, the latch was closed shortly thereafter, not
allowing enough time for the missile to leave the wing. Imagine the
pilot's dismay when there was a bunch of extra thrust attached to one of
* The F16 has a sophisticated software system that performs load
balancing to optimize flight performance. This includes dropping empty
fuel tanks in such a way as to balance the plane. A minor prerequisite
to dropping the tanks was overlooked in the software - it's usually a
good idea to be upright when releasing the tanks. Imagine flying
upside down and having empty fuel tanks come flying off...
* A manufacturer of torpedoes for the Navy wanted to make a 'safe'
torpedo. Their initial solution was to cause the torpedo to
self-destruct if it made a 180 degree change in course. On the test
run for this new 'safe' torpedo the captain fired the torpedo and
nothing happened. So the captain ordered the sub back to base,
executing a 180 degree turn...
© 1994 Peter Langston