The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

LeanEssays: What If Your Team Wrote the Code for the 737 MCAS System?

Posted by jpluimers on 2021/04/06

[WayBack] LeanEssays: What If Your Team Wrote the Code for the 737 MCAS System?.

When involved in writing systems, I always ask the question “Is a large crisis possible because of this system?”. When the answer is yes, such a system needs engineering mode, which results in asking much more vigorously about the things that can go wrong and how to prevent them.

So I wholeheartedly agree with Mary Poppendieck making these statements in the above article:

  1. One thing we knew for sure – we were responsible for designing safe systems, and we were not going to delegate that responsibility to anyone else. Another thing we knew for sure was that anything that could go wrong would eventually go wrong – so every element of our systems had to be designed to fail safely; every input to our system was suspect; and no output could be guaranteed to reach its destination. And because my seasoned engineering colleagues were suspicious of automation, they added manual (and very visible) emergency stop systems that could easily and quickly override my automated controls.
  2. would you write the code as specified, or would you ask some questions – such as “What if the stall signal is wrong, and there really isn’t a stall?” Or “Under what conditions do we NOT send an adjustment signal?” Or “When and how can the system be disabled?”

Software engineers need to understand what civil engineers learn as undergraduates – safety is not someone else’s job; it is the responsibility of every engineer involved in the design and implementation of a system whose failure might cause harm. If your team is not ready to accept this responsibility, then call yourselves developers or programmers or technicians – but not engineers.

Proper engineers can do this, even in an agile environment.
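As an added illustration (not code from the article or from this post), here is a constructed, deliberately simplified model of an adjustment loop that answers the three questions quoted above in code: the stall input is treated as suspect, every condition under which no adjustment is sent is explicit, and a visible manual override disables the loop. All sensor names, thresholds and limits are assumptions for the example, not values from any real aircraft system.

```python
from dataclasses import dataclass

# Constructed, simplified model of a pitch-adjustment loop; the tolerances and
# limits below are illustrative assumptions, not values from any real aircraft.
AOA_PLAUSIBLE_DEG = (-20.0, 40.0)   # readings outside this band are rejected
AOA_DISAGREE_DEG = 5.5              # max allowed spread between the two sensors
STALL_THRESHOLD_DEG = 15.0          # angle above which an adjustment is considered
MAX_TOTAL_AUTHORITY = 2.5           # cumulative adjustment the loop may ever apply
STEP = 0.6                          # size of one adjustment

@dataclass
class State:
    total_applied: float = 0.0      # how much adjustment has already been commanded
    disabled: bool = False          # latched once the loop decides to stand down

def plausible(aoa: float) -> bool:
    lo, hi = AOA_PLAUSIBLE_DEG
    return lo <= aoa <= hi

def adjustment(aoa_a: float, aoa_b: float, pilot_override: bool, state: State) -> float:
    """Return the adjustment to command (0.0 means: send nothing).

    Every branch that returns 0.0 is an explicit answer to the question
    "under what conditions do we NOT send an adjustment signal?".
    """
    # "When and how can the system be disabled?" A manual override always wins
    # over automation and latches the loop off until the state is reset.
    if pilot_override or state.disabled:
        state.disabled = True
        return 0.0
    # "What if the stall signal is wrong?" A single sensor is never trusted:
    # both readings must be physically plausible and must agree with each other.
    if not (plausible(aoa_a) and plausible(aoa_b)):
        state.disabled = True
        return 0.0
    if abs(aoa_a - aoa_b) > AOA_DISAGREE_DEG:
        state.disabled = True
        return 0.0
    if min(aoa_a, aoa_b) <= STALL_THRESHOLD_DEG:
        return 0.0                  # not both sensors indicate a stall
    # Bounded authority: repeated activations can never exceed the cap.
    remaining = MAX_TOTAL_AUTHORITY - state.total_applied
    if remaining <= 0.0:
        return 0.0
    step = min(STEP, remaining)
    state.total_applied += step
    return step
```

Note that a sensor disagreement or an out-of-range reading does not merely skip one cycle; it latches the loop off, so a faulty input cannot keep re-triggering adjustments.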


Via [WayBack] Mary Poppendieck on Twitter: “It was not a software malfunction that caused two 737 MAX airplanes to crash – the software did exactly what it was supposed to do. But does this mean that software engineers have no responsibility for safety? My 2 cents: …”
