Reducing the Risk of a Software Common Mode Failure

Abstract

We describe the nature of a common mode failure, illustrating why software-based components can be particularly susceptible.  A number of historical accidents and incidents are used to demonstrate this is not just a theoretical risk.  Previous academic research, existing standards and historical civil air programmes are surveyed. This shows the importance of software common mode failure is recognised, but there is no preferred way of protecting against it.  A set of criteria are proposed, which provide a means of assessing protections that have been implemented within a system design.  These are used to highlight approaches to protection that are suggested for future air systems (and other safety-related applications).