Why does automotive quality management still lack attention to software?

How many lines of software are there in a modern car? The Ford F150, as the name suggests, runs on approximately 150 million lines.¹ And how many lines are there in a modern passenger jet? Should be more, right? The Boeing 787 Dreamliner carries, in fact, only seven million lines.² In an F150, a single subsystem would on average contain more code than the whole Dreamliner. So why, then, isn’t the F150 able to land on Mars?

“Software size is one subtle clue that hints at the existence of latent quality problems.”

Like many other trades, software engineering has its subtle clues. Software size is one that hints at the existence of latent quality problems. Eventually, large software tends to escape its creators’ understanding, introduce new forms of failure and suffer from unforeseen multiple-point failures.³ In today’s connected world, software size also translates into the size of the attack surface exposed to cybersecurity attacks, which are a rising concern for consumers.⁴ Is the industry paying enough attention to software quality?

IATF 16949 is the bible for automotive quality management systems. Of its thousand requirements, a dozen address software development processes specifically. In addition, 16949 hints at two relatively common standards: ASPICE for software process improvement and capability determination, and ISO 26262 for functional safety. Part six of the latter is the only one that places requirements, in themselves quite reasonable, on the software itself and not just on the development process.

“The automotive industry lacks quality requirements for software.”

The automotive industry does not lack quality requirements, nor quality requirements for software development processes – it lacks quality requirements for software. Looking forward, this omission is detrimental to both the business and the quality. Academia has spent decades trying to define metrics to measure software quality. Practitioners know that while metrics serve as subtle clues, they cannot be applied out of context – like I did above. How would the practitioner’s view fit into the metrics- and standards-driven automotive industry?

The solution is simple: expert evaluation by a third party, backed up by an informative list of subtle clues based on lessons learned and publications released in the software industry. Hear the screams already? How expensive must it be to have the 150 million lines evaluated by an expert? Well, maybe the requirement for expert evaluation would drive the size of the software down and be cost-effective in the medium to long term. Maybe software would be more reusable. And maybe our cars would spend less time standing at workshops. What do you think?

 

Footnotes:

1 EIT Digital. 2016-01-13. Guess what requires 150 million lines of code…

2 USA Today. 2016-06-28. Your average car is a lot more code-driven than you think.

3 As explained by Richard I. Cook in his article “How Complex Systems Fail”.

4 As explained by my colleague Mikko in his blog post “Cybersecurity in connected cars – how do consumers see the rising cybersecurity threats”.

Juha leverages his wide expertise in information technology, program management and business development to grow companies. During the past ten years he has worked with both embedded and enterprise systems in several positions and industries, including medical and online gambling, to name a few. At Link Motion, Juha gets the opportunity to combine his embedded systems and cloud knowledge in developing connected cars. He is also responsible for the quality and compliance of Link Motion’s products. In addition to various certifications, Juha holds an M.Sc. in Engineering, a BBA in Management and an honorary membership in the grumpy old men’s club.