What do we do now?
The Toyota case has also given EE Times community members a moment to think about where the industry must go next. Their suggestions ranged from the need for peer review of code to NHTSA's role. Some questioned why NHTSA has no equivalent of the FAA's rules, and why there are no third-party certifications for critical software specifications.
This may be true for other auto makers. Given the speed at which new technology comes to market, they are also prone to similar errors. What are the steps suggested to prevent future errors like this? Is it really possible to prevent it 100%?
…As others have commented, it's no doubt true that the designer is often blind to faults in his design… that's why it takes peer review to get complicated things done right.
From what I've read, if all we've read is factual, such a peer review appears to have been hurried, maybe, at Toyota. Maybe. Controls with safeguards, fail-safes, proper redundancy, voting, and so forth, can be designed, are being designed, and will beat the safety records of anything manual hands down.
…Recently Boeing was forced to ground an entire generation of new aircraft due to a battery control problem. Why doesn't the NHTSA have the authority to take faulty cars off the road?
It seems that the Department of Transportation (and regulators in other countries) are at fault here. They should have proper code/architecture guidelines!
…I have not been involved with this for a few decades, so they may be doing different things today, but cars should also adhere to similar standards required by the DOD/FAA.
IMHO Toyota should be forced to publish the complete source code of the faulty ECU, as an object lesson to the industry. Clearly it's not suitable for commerce. I can't see how confidentiality can apply when people die.
Cost and time-to-market pressure
No surprise to anyone in the engineering community: under ever tighter cost and time-to-market pressure, our readers pointed out, something has got to give. Unfortunately, that may be the reliability of software and hardware.
…sadly automotive electronics is designed to a cost in tight competition with other suppliers, with the winning bid being over as little as 50c (I worked for Delco Electronics for a number of years, and this is based on actual experience), so for something to be less than ideal is expected. I think there should only be large payouts for gross negligence. I don't have enough info to opine as to whether Toyota met this criterion, but really if we want drive by wire and steer by wire then the design rigor must be more in tune with the aircraft industry, even if it means that the drive by wire system in car 'X' is a $50,000 option, none of this $500 option because we got it for 10c extra in the competitive bid process. If we want real solutions we need to start paying real prices for them.
It is possible to reduce errors to effectively zero, but it is very hard. Complex will always be less reliable than simple, unless that complexity is focused on reliability (for example, overlapped and crosschecked operation of independent systems). The system (hardware and software) has to be independently verified, since developers have blind spots around their own work. The real issue is that it can't be rushed. Making reliability trump schedule would avoid many problems of this type, but especially recently that is a hard case for engineers to make to management.
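The "overlapped and crosschecked operation of independent systems" this comment describes, and the "redundancy, voting, and fail-safes" an earlier commenter mentions, are what a multi-channel sensor voter does in practice. The C program below is an added illustration, not code from EE Times, from any commenter, or from Toyota. It models three independent throttle-position channels, cross-checks them pairwise, votes a result, and falls back to idle when no trustworthy majority exists. The 0..1000 reading scale, the 2.0% agreement tolerance, and all function names are assumptions chosen for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the thread or any vehicle ECU). Assumed scale:
 * a channel reading of 0..1000 represents 0.0..100.0% of pedal travel. */
#define TPS_CHANNELS  3
#define TPS_MAX       1000   /* assumed full-scale reading */
#define TPS_TOLERANCE 20     /* assumed: channels within 2.0% of each other "agree" */

typedef enum {
    TPS_OK,          /* channels plausible and mutually consistent */
    TPS_DEGRADED,    /* one channel rejected; the remaining two agree */
    TPS_FAIL_SAFE    /* no trustworthy majority; command idle and flag a fault */
} tps_status_t;

typedef struct {
    int32_t      value;          /* voted position; 0 when fail-safe */
    tps_status_t status;
    int          rejected_mask;  /* bit i set when channel i was rejected */
} tps_result_t;

static int32_t abs32(int32_t x)  { return x < 0 ? -x : x; }
static int     in_range(int32_t v) { return v >= 0 && v <= TPS_MAX; }

/* Median of three: the one reading that is bracketed by the other two. */
static int32_t median3(int32_t a, int32_t b, int32_t c) {
    if ((a <= b && b <= c) || (c <= b && b <= a)) return b;
    if ((b <= a && a <= c) || (c <= a && a <= b)) return a;
    return c;
}

/* Range-check each channel, then cross-check every pair. Two or more agreeing
 * pairs: all channels are consistent and the median is used. Exactly one
 * agreeing pair: that pair's mean is used and the odd channel is rejected.
 * No agreeing pair: the only safe output is idle (fail-safe). */
tps_result_t tps_vote(const int32_t ch[TPS_CHANNELS]) {
    tps_result_t r = { 0, TPS_FAIL_SAFE, 0 };
    int valid[TPS_CHANNELS];
    for (int i = 0; i < TPS_CHANNELS; i++) {
        valid[i] = in_range(ch[i]);
        if (!valid[i]) r.rejected_mask |= (1 << i);   /* implausible reading */
    }
    int agree01 = valid[0] && valid[1] && abs32(ch[0] - ch[1]) <= TPS_TOLERANCE;
    int agree02 = valid[0] && valid[2] && abs32(ch[0] - ch[2]) <= TPS_TOLERANCE;
    int agree12 = valid[1] && valid[2] && abs32(ch[1] - ch[2]) <= TPS_TOLERANCE;
    int pairs = agree01 + agree02 + agree12;

    if (pairs >= 2) {                       /* every channel is bracketed by a peer */
        r.value = median3(ch[0], ch[1], ch[2]);
        r.status = TPS_OK;
    } else if (agree01) {
        r.value = (ch[0] + ch[1]) / 2; r.rejected_mask |= 4; r.status = TPS_DEGRADED;
    } else if (agree02) {
        r.value = (ch[0] + ch[2]) / 2; r.rejected_mask |= 2; r.status = TPS_DEGRADED;
    } else if (agree12) {
        r.value = (ch[1] + ch[2]) / 2; r.rejected_mask |= 1; r.status = TPS_DEGRADED;
    }
    /* pairs == 0 leaves the fail-safe default: value 0, TPS_FAIL_SAFE. */
    return r;
}

/* Convenience wrappers so a caller (or a test) can vote on three literals. */
int32_t vote_value(int32_t a, int32_t b, int32_t c)    { int32_t ch[3] = { a, b, c }; return tps_vote(ch).value; }
int     vote_status(int32_t a, int32_t b, int32_t c)   { int32_t ch[3] = { a, b, c }; return (int)tps_vote(ch).status; }
int     vote_rejected(int32_t a, int32_t b, int32_t c) { int32_t ch[3] = { a, b, c }; return tps_vote(ch).rejected_mask; }

/* What the actuator stage sees: a fail-safe result always commands idle. */
int32_t throttle_command(int32_t a, int32_t b, int32_t c) {
    int32_t ch[3] = { a, b, c };
    tps_result_t r = tps_vote(ch);
    return r.status == TPS_FAIL_SAFE ? 0 : r.value;
}

int main(void) {
    /* Constructed sample readings: healthy, one drifted channel, one stuck
     * out of range, and three channels that disagree with each other. */
    const int32_t samples[][3] = {
        { 500, 505, 498 }, { 500, 505, 900 }, { 500, 505, -1 }, { 500, 700, 900 }
    };
    const char *names[] = { "OK", "DEGRADED", "FAIL_SAFE" };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        tps_result_t r = tps_vote(samples[i]);
        printf("%4d %4d %4d -> %-9s value=%4d rejected=0x%x\n",
               samples[i][0], samples[i][1], samples[i][2],
               names[r.status], r.value, r.rejected_mask);
    }
    return 0;
}
```

The voter never tries to "repair" a disagreeing channel; it only ever narrows what it trusts, and when trust runs out it commands the least dangerous state rather than the last good value. That is the property the commenters are asking for: complexity spent on reliability (three channels and a cross-check) instead of on features.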