To: Editor, Embedded.com, Insights section.
It is disappointing to see serious problems in the December 3, 2017 article “Why every embedded software developer should care about the Toyota verdict” by David Cummings. The author’s analysis is factually incorrect. Combined with his failure to acknowledge a significant conflict of interest, his article should be considered with skepticism.
The author fails to mention that he and his company are on the payroll of a large automotive company currently involved in an unintended acceleration class action case that also involves the expert discussed in his paper. Since the author saw fit to withhold mention of this extremely relevant conflict of interest, one must question the author’s true motives in publishing a series of pieces aimed at criticizing the expert’s testimony.
The author criticizes Toyota UA case expert testimony, saying it is according to a double standard. He bases this on characterizing the Ballista project as having been written by “the expert and his team.” However, the code in question was developed by a student project group under the supervision of another faculty member in a different department. In other words, the testifying expert didn’t write the code, and didn’t supervise the quality of the code. That project succeeded as a DARPA-funded proof of concept exercise, which was the goal. As readers should expect, non-critical research code written by students still learning basic software engineering practices should not be assumed to strictly follow life-critical software product practices.
There are other technical issues and flaws with the author’s analysis, such as inventing a novel “scale up” global variable metric with no literature support for such an approach. However, details aren’t worth discussing, because the premise of his analysis is fundamentally incorrect.
The author additionally criticizes the expert for not having seen Toyota’s code. That was not for lack of trying. Rather, Toyota spent significant effort preventing access to their code. The expert testimony was, however, based on first-hand knowledge of hundreds of pages of detailed reports from both NASA and other expert analysis of the code. The opinions were based on the totality of that information as well as numerous technical design documents. The full reasoning behind the opinions and use of terminology that the author criticizes is subject to a protective order, and trial transcripts are by necessity summaries of opinions. However, Toyota had full opportunity to challenge and rebut the technical analysis during the case, and was unsuccessful in doing so. The author also does not really discuss the crux of the expert testimony, which had to do with whether Toyota followed accepted practices in creating safety critical software, and the existence of a hardware single point of failure.
If readers want to truly understand the who, what, and why of creating safety critical and mission critical software, including a module with a much more complete story of what really happened in the Toyota UA cases, they are invited to look at freely available course lectures on the topic at:
Prof. Philip Koopman
Carnegie Mellon University
Prof. Koopman has testified in both the Toyota UA trial and a currently ongoing unintended acceleration class action lawsuit.