Originally Posted by Water pilot
Anything that reads external data has to be able to anticipate bad input and do something appropriate in response. Just pretending that bad input is impossible or that somebody else will respond to it for you is not good design.
Unless you get the input from a validated source (or one that was claimed to be such).
I've seen a lot of cases where there's an input app (partitioned code) that's supposed to do all the validation (range checking, not jabbering, etc.) and pass that on to other apps in the partition or to other partitions. In this case, the AoA value was available in the code, the same one used for other apps, like speed trim. It was presumed good, checked, validated, etc.
Turns out that wasn't entirely true.
I've had just that discussion before. I said everything that uses a value should check that value. They said it was already checked earlier in the system, in a higher DAL partition. I lost that argument.
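Consumer-side checks of the kind the reply argues for, as an added example that is not from the post or from any aircraft system: the AoA limits, the step limit, the hold-last-good budget and all names are assumptions chosen for illustration.

```c
#include <stdbool.h>

/* Assumed limits for this example (not from the original post). */
#define AOA_MIN_DEG      -30.0   /* plausible physical range, degrees */
#define AOA_MAX_DEG       30.0
#define AOA_MAX_STEP_DEG   5.0   /* largest credible change between samples */
#define AOA_MAX_HOLD       3     /* how many rejected samples we may bridge */

typedef enum {
    AOA_OK,             /* fresh sample accepted */
    AOA_NOT_A_NUMBER,   /* NaN arrived on the bus */
    AOA_OUT_OF_RANGE,   /* outside the physical range */
    AOA_JUMP,           /* implausible step from the last good value */
    AOA_NO_VALID_DATA   /* nothing usable: caller must fail safe */
} aoa_status_t;

typedef struct {
    double   last_good_deg;
    bool     have_last;
    unsigned hold_count;  /* consecutive rejections bridged so far */
} aoa_monitor_t;

/* Each consumer (e.g. a trim function) runs this on the shared AoA value
 * instead of trusting that an upstream input app already validated it.
 * On AOA_OK *out is the fresh sample. On a rejection with a recent good
 * value, *out is that held value and the reason is returned so the caller
 * can log it. Once the hold budget is exhausted, or before any good sample
 * has been seen, AOA_NO_VALID_DATA is returned and *out is untouched. */
aoa_status_t aoa_check(aoa_monitor_t *m, double sample_deg, double *out)
{
    aoa_status_t st = AOA_OK;
    double step = m->have_last ? sample_deg - m->last_good_deg : 0.0;
    if (step < 0.0) step = -step;

    if (sample_deg != sample_deg)                 /* NaN compares unequal to itself */
        st = AOA_NOT_A_NUMBER;
    else if (sample_deg < AOA_MIN_DEG || sample_deg > AOA_MAX_DEG)
        st = AOA_OUT_OF_RANGE;                    /* also catches +/-infinity */
    else if (m->have_last && step > AOA_MAX_STEP_DEG)
        st = AOA_JUMP;

    if (st == AOA_OK) {
        m->last_good_deg = sample_deg;
        m->have_last = true;
        m->hold_count = 0;
        *out = sample_deg;
        return AOA_OK;
    }
    m->hold_count++;
    if (!m->have_last || m->hold_count > AOA_MAX_HOLD)
        return AOA_NO_VALID_DATA;
    *out = m->last_good_deg;                      /* bridge with the last good value */
    return st;
}
```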