@mexchip The solution, in my view, has three major components: Architecture, Process, and Culture. Architecture means that the system is designed so that when a software malfunction occurs the risks to people are minimized; but also that the software is designed so that malfunctions are rarer and more quickly detected. Process means that the procedures around software development have a logical flow that is designed to keep out and detect as many bugs as possible as quickly as possible. Just like the architecture, the processes should include multiple layers of defense. For example, both peer code review and static analysis should be performed (and more, of course). Culture means that the company helps the engineers make the correct architectural and process decisions and supports them in following through over time. Safety culture is broken if shipping by a certain date drives decisions that could negatively affect safety.