I've read the audit and basically it was done by a guy with no clue about the automotive world. He compared the code with the one made at nas. In the end they indeed did not find the root cause, but they had to say something as they are the "experts". So they pointed at "bad practices" like global variables.
What if i tell you that a pretty big chunk of the cars on the road are running software which are using global variable as means to exchange data between modules ? Well, that's how it is done and it isn't less safe. The last SW i worked with had 20000 global variables and 60000 parameters that the calibration guys could fiddle with.
Serious suppliers are applying safety standard and methodology and are not rushing the FMEA. Countless times my customer cursed at the safety guys for postponing the SW because they were not finished with testing, but this very same customer never had to stand in court for a safety issue with the SW, and so are many other carmaker.
When the Toyota pedal issue came out, we just could not believe that Toyota did not have the gas pedal override by brake safety in their SW.
What if i tell you that a pretty big chunk of the cars on the road are running software which are using global variable as means to exchange data between modules ? Well, that's how it is done and it isn't less safe. The last SW i worked with had 20000 global variables and 60000 parameters that the calibration guys could fiddle with.
Serious suppliers are applying safety standard and methodology and are not rushing the FMEA. Countless times my customer cursed at the safety guys for postponing the SW because they were not finished with testing, but this very same customer never had to stand in court for a safety issue with the SW, and so are many other carmaker.
When the Toyota pedal issue came out, we just could not believe that Toyota did not have the gas pedal override by brake safety in their SW.