Originally Posted by Thistle42
I have worked for US companies such as Xerox and they used CMM (as it was back then, now CMMI) as a process to control software changes. This was for an embedded controller for a multifunction machine with greater than a million LOC. The thing is that this process actually worked! No change was so trivial that you did not have to run it past a meeting of peers and librarian and justify the change and potential side effects with a backout plan as well. So how did any code change on the MAX not get scrutiny?
Configuration management is alive and well. Required for a DO-178 process (which is required for aviation). You even have to spell out how you will do it in planning documents, ostensibly before you start development. Changes are tracked, reviewed, connected to problem reports/change requests, etc. Lots of scrutiny.
The issue is: does the code change trigger a safety review? DO-178 leaves it to the change maker or other reviewers to decide. But the guys writing the code and making those changes (and their management) don't really understand the airworthiness impact.