by Virginia Sagal
DO-178C is the international standard for certifying all aviation safety-critical software. The need to comply with DO-178C can add significant costs to programs under development as well as stir up some myths. Since this is an issue affecting pilots not only in our region here in the US but also globally, it is well worth considering the latest views of organizations such as AFuzion on the matter:
Myth #1: DO-178C is too expensive for EVTOL/UAV’s.
A widespread myth is that DO-178C is expensive when applied to EVTOL/UAV’s. This option is certainly not cheap as Level D software has certain requirements to fulfill. Additionally configuration management, quality assurance and DER liaison are applied to Level D, however the costs are estimated to be around 15% higher than medium quality software developed in the typical CMMI Level 2-3 process.
This cost is higher because Level D is made out of industry standard software engineering principles. Many companies who are new to the DO-178C framework tend to believe that their prior planning, requirements, designs tests and reviews must be redone. This is not the case as a DO-178 Gap Analysis will help to find existing processes and re-use these processes while identifying gaps to fulfill DO-178 requirements. A typical gap analysis takes an average of two to four weeks to perform.
Myth #2: Costs escalate dramatically when moving from DO-178 Level B to Level A.
This myth is quite untrue for an interesting reason: the single largest difference between Level A and Level B systems is the 100x greater reliability required by Level A per ARP-4761A. This reliability must come from the system or hardware and not the software. This is done by increasing the hardware/system redundancy which in turn increases total aircraft and EVTOL/UAV cost. However the difference in software cost between Level A and Level B is minimal due to tools which accomplish the MCDC and source/object correlation activities.
Myth #3: Level B is 50 – 70% more expensive than Level C.
At first glance this would seem to be the case, as Level B requires additional structural coverage. In theory it seems to make sense that Level B is indeed more expensive, but in practice DO-178C requires detailed low-level requirement verification beginning with Level C and those low level requirements will cover the majority of software logic decisions. During requirements testing most branches in the source code are already covered, thus eliminating the need for extra structural coverage.The DO-178C’s enhanced requirements-based testing already mitigates the significant cost increase that seems to be associated with Level B versus Level C.
Myth #4: Level A is extremely difficult to achieve and expensive.
Level A does impose more structural coverage requirements and more independence within reviews, however the most significant cost driver is the MCDC testing requirement. It is possible through the proper application of modern structural coverage tools, personnel training and thorough requirements-based testing to mostly contain the costs associated with Level A, making this software only slightly more costly than Level B. It is for this reason that most COTS EVTOL/UAVs in the pursuit of Level B certifiability opt for Level A instead.
Myth #5: The cost difference between Level D and C is not significant.
The most significant cost differential within the DO-178C comes between Level D and Level C as Level C requires certain key objectives that Level D does not. Some of these objectives include ensuring complete coverage of all source code statements, rigorous configuration management, testing of low-level software requirements and the assessment of requirements, design and code to standards. Level C requires up to 35% more effort than Level D.
The author of The Aviation Development Ecosystem takes a sober, hard look at the complexities and issues regarding DO-178C, ARP4754A, DO-254 and related guidelines. Having worked on over 400 successful aviation/avionics projects for 300 of the world’s largest companies, Afuzion CEO, Vance Hilderman, is in a unique position to share industry insider expertise.
Phil Bolos shared his impressions of the book. “The author has done a great job of making these easy to understand and apply in the field. He is clearly an expert on these topics as he effortlessly explains aircraft, the systems that are used with the aircraft, along with the software and hardware that goes into making these systems work. Anyone working in this field will greatly benefit from reading this work and having it nearby as I am sure it will work as an excellent reference book”.
