Incident: Boeing Dreamliner Fire Switch Malfunction Risks Flight Safety.

Published Date: 2019-06-15

Postmortem Analysis
Timeline
1. The software failure incident involving the critical fire-fighting system on Boeing's Dreamliner fleet was reported in June 2019 [Article 85740, Article 85695].

System
1. Fire-fighting system switch on Boeing B787 Dreamliner aircraft [Article 85740, Article 85695]

Responsible Organization
1. Boeing - The software failure incident was caused by a critical fire-fighting system switch on Boeing's B787 Dreamliner aircraft that had the potential to malfunction [Article 85740, Article 85695].

Impacted Organization
1. Airline pilots [Article 85740, Article 85695]
2. Passengers and crew [Article 85740, Article 85695]

Software Causes
1. The software cause of the failure incident was a malfunction in the fire-fighting system switch used to extinguish an engine fire on Boeing's B787 Dreamliner aircraft [Article 85740, Article 85695].

Non-software Causes
1. Long-term heating causing the fire switch to stick in the locked position [Article 85740, Article 85695]
2. Quality control issues with metal shavings among electrical wiring [Article 85740, Article 85695]
3. Safety flaws in Boeing's 787 jets related to the tires/wheels [Article 85695]

Impacts
1. The malfunctioning fire-fighting system on Boeing's Dreamliner fleet had the potential to compromise the safety of passengers and crew; pilots expressed concern that, in the event of an engine fire, they could have to fly with a burning wing for up to three hours [85740, 85695].
2. The Federal Aviation Administration (FAA) issued an airworthiness directive warning that the problem with the fire switch was likely to exist or develop in other products of the same design, posing a risk of uncontrollable airline fires [85740, 85695].
3. Despite the identified risk to the flying public, the FAA decided not to ground the fleet of more than 60 Dreamliners operated by UK airlines and instead ordered airlines to check the switch every 30 days [85740, 85695].
4. Boeing reported that fewer than 1% of fire switches had proved defective, but the incident raised concerns about the company's attitude towards safety risks, especially in light of the earlier problems with the Boeing 737 Max aircraft [85740, 85695].
5. The incident highlighted Boeing's ongoing challenges in ensuring the safety and reliability of its aircraft, following the grounding of the Dreamliner fleet in 2013 over fires caused by leaking batteries and the 2017 quality control issues with metal shavings among electrical wiring [85740, 85695].

Preventions
1. Implementing a more robust quality control process during manufacture of the Dreamliner fleet to detect and prevent issues such as the malfunctioning fire switch [Article 85740, Article 85695].
2. Conducting thorough testing and validation of critical systems, such as the fire-fighting system, to ensure their reliability and functionality under various conditions [Article 85740, Article 85695].
3. Providing a manual override for deploying the engine fire extinguishers, so that a backup safety measure is available if the automated fire switch malfunctions [Article 85740, Article 85695].

Fixes
1. Replacing defective fire switches in the Boeing B787 Dreamliner fleet and conducting regular inspections [85740, 85695].
2. Enhancing quality control in the production process to prevent future instances of defective fire switches [85740, 85695].
3. Addressing pilot concerns and ensuring that a manual override mechanism exists to deploy the engine fire extinguishers in case of a malfunction [85740, 85695].

References
1. Pilots
2. Federal Aviation Administration (FAA)
3. Boeing
4. Aviation authorities
5. British Airways
6. Virgin Atlantic
7. Tui
8. Anonymous sources
9. MailOnline
10. CBS News
11. New York Times
12. Observers
[Cited from: Article 85740, Article 85695]

Software Taxonomy of Faults

Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident related to the Boeing Dreamliner's fire-fighting system has happened again within the same organization. Boeing faced an earlier software malfunction with its 737 Max aircraft, where a software fault was suspected of causing two fatal crashes [Article 85740]. This points to a recurring concern within Boeing regarding software-related safety issues.
(b) The incident has also happened at multiple organizations. The Federal Aviation Administration (FAA) issued an airworthiness directive warning that the problem with the fire-fighting system on the Dreamliner is likely to exist or develop in other products of the same design, indicating a potential industry-wide issue [Article 85740]. Additionally, the FAA identified safety flaws in Boeing's 787 jets, affecting a broader range of aircraft beyond just Boeing [Article 85695].

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) Design: Boeing's Dreamliner fleet faced a critical fire-fighting system issue in which the switch used to extinguish an engine fire and sever the fuel supply and hydraulic fluid had failed in a "small number" of cases. The failure was attributed to a design flaw: long-term heating could cause the fire switch to stick in the locked position, leaving it unable to release the fire extinguishers in each engine [85740, 85695].
(b) Operation: Despite the identified risk to the flying public from the malfunctioning fire-fighting system, the FAA decided not to ground the Dreamliner fleet and instead ordered airlines to check the switch every 30 days. Continuing to operate the aircraft with a known safety issue can be considered a failure in the operation phase, where the system was allowed to remain in use with a known potential risk [85740, 85695].

Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The failure was primarily within the system. Boeing issued an alert warning that the switch used to extinguish an engine fire and sever the fuel supply and hydraulic fluid had failed in a "small number" of cases [85740, 85695]. The issue was identified as a potential malfunction within the design of the fire switch itself, raising concerns about the safety of the aircraft [85740, 85695]. Boeing stated that fewer than 1% of fire switches proved defective, indicating an internal issue with the design or manufacturing of the switch [85740, 85695].
(b) outside_system: The incident was also influenced by factors outside the system. The FAA assessed the issue and decided on the course of action for the Dreamliner fleet [85740, 85695]. Its decision not to ground the fleet despite admitting a risk to the flying public suggests that external regulatory considerations affected the handling of the incident [85740, 85695]. The articles also mention previous incidents with Boeing aircraft, such as the 737 Max crashes, which could have influenced the external perception of and response to the Dreamliner fire-fighting system issue [85740, 85695].

Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) Non-human actions:
- The incident concerned a critical fire-fighting system, specifically the fire switch used to extinguish an engine fire and sever the fuel supply and hydraulic fluid to prevent flames from spreading [85740, 85695].
- Boeing issued an alert warning that the fire switch had failed in a "small number" of instances, indicating a potential malfunction in the system [85740, 85695].
- The FAA acknowledged the problem and stated that it was likely to exist or develop in other products of the same design, highlighting a non-human factor contributing to the failure [85740, 85695].
- The FAA ordered airlines to check the switch every 30 days to address the issue caused by long-term heating, which could cause the fire switch to stick in the locked position so that it cannot release the fire extinguishers in each engine [85740, 85695].
(b) Human actions:
- Pilots and air crew raised concerns about the safety implications of the defective fire switch, indicating human involvement in identifying the potential risks and consequences of the incident [85740, 85695].
- An anonymous pilot criticized Boeing's attitude towards the risk associated with the malfunctioning fire switch, suggesting that human judgment and decision-making played a role in evaluating the severity of the issue [85740, 85695].
- Boeing faced criticism for its handling of safety concerns and production practices, with pilots expressing concern that the company prioritized speed of production over safety, indicating potential human factors contributing to the incident [85740, 85695].

Dimension (Hardware/Software)
Option: hardware
Rationale:
(a) Hardware:
- The incident reported in the articles concerns a critical fire-fighting system on Boeing's Dreamliner fleet, specifically the switch used to extinguish an engine fire and sever the fuel supply and hydraulic fluid to prevent flames from spreading [85740, 85695].
- The hardware component is the fire switch, which is designed to perform crucial functions in case of an engine fire but has been found to have the potential to malfunction due to long-term heating, causing it to stick in the locked position and rendering it ineffective in releasing the fire extinguishers in the engines [85740, 85695].
(b) Software:
- The articles do not mention any contributing factors that originated in software. The focus of the incident is the malfunction of the fire-fighting system's hardware component, specifically the fire switch [85740, 85695].

Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The incident does not appear to be malicious. There is no indication in the articles that the failure was due to contributing factors introduced by humans with the intent to harm the system. The incident appears to be the result of a technical malfunction in the fire switch used to extinguish engine fires on the aircraft [85740, 85695].
(b) The incident is non-malicious, as it is attributed to a technical issue with the fire-fighting system on the Boeing Dreamliner fleet. The failure of the fire switch to function properly is described as a potential malfunction caused by long-term heating, leading to the switch becoming stuck in the locked position [85740, 85695].

Intent (Poor/Accidental Decisions)
Option: poor_decisions, accidental_decisions
Rationale: The articles provide information on both poor decisions and accidental decisions contributing to the incident.
(a) poor_decisions:
- The incident was partly attributed to poor decisions by Boeing regarding safety measures and risk assessment. Pilots and critics raised concerns about Boeing's attitude towards the risk of engine fires and the lack of a manual override for deploying the engine fire extinguishers, indicating a potential disregard for safety concerns [85740, 85695].
- Boeing's decision to increase production speed and replace quality control inspectors with smart technology was criticized as compromising safety, suggesting that cost-cutting was prioritized over safety standards [85740, 85695].
(b) accidental_decisions:
- The incident was also influenced by accidental decisions or mistakes, such as the failure of the fire switch in a small number of instances due to long-term heating causing it to stick in the locked position [85740, 85695].
- The incident was not intentional but rather the result of unintended consequences of the design and functionality of the fire-fighting system, highlighting accidental decisions that led to the failure [85740, 85695].

Capability (Incompetence/Accidental)
Option: accidental
Rationale:
(a) Development incompetence is not explicitly mentioned in the provided articles, so it is unknown whether the failure was due to contributing factors introduced by a lack of professional competence on the part of humans or the development organization.
(b) Accidental factors are evident in the articles. The malfunction of the fire-fighting system on Boeing's Dreamliner fleet was accidental in nature: the failure of the switch used to extinguish an engine fire and sever the fuel supply and hydraulic fluid was reported to have occurred in a "small number" of cases, indicating an accidental occurrence [85740, 85695].

Duration
Option: temporary
Rationale: The incident can be categorized as a temporary failure. It involved a specific switch used to extinguish an engine fire that failed in a "small number" of cases [85740, 85695]. Boeing issued an alert warning about this specific switch issue, indicating that the problem was not a permanent, widespread failure affecting all instances of the system but a temporary issue affecting only a limited number of cases.

Behaviour
Option: other
Rationale:
(a) crash: The incident does not involve a crash in which the system loses state and performs none of its intended functions. It concerns a potential malfunction of the fire-fighting system switch on Boeing's B787 Dreamliner aircraft, which could fail to release the fire extinguishers in case of an engine fire [85740, 85695].
(b) omission: The incident does not involve an omission in which the system omits to perform its intended functions at one or more instances. The issue is the potential failure of the fire-fighting system switch to release the fire extinguishers in the engines in case of an engine fire [85740, 85695].
(c) timing: The incident is not related to timing, where the system performs its intended functions correctly but too late or too early. The concern is that the fire-fighting system switch may fail to release the fire extinguishers when needed in case of an engine fire [85740, 85695].
(d) value: The incident does not involve a value failure, where the system performs its intended functions incorrectly. The issue is the potential failure of the fire-fighting system switch to release the fire extinguishers in the engines in case of an engine fire [85740, 85695].
(e) byzantine: The incident does not exhibit byzantine behaviour, where the system behaves erroneously with inconsistent responses and interactions. The main concern is the potential malfunction of the fire-fighting system switch on Boeing's B787 Dreamliner aircraft, which could lead to an inability to release the fire extinguishers in case of an engine fire [85740, 85695].
(f) other: The behaviour can be categorized as a potential critical safety issue due to the malfunction of the fire-fighting system switch on Boeing's B787 Dreamliner aircraft. The issue raises concerns about the safety of passengers and crew in case of an engine fire, as the switch may fail to release the fire extinguishers, potentially compromising the ability to control a fire on board [85740, 85695].

IoT System Layer

Perception
Option: None
Rationale: None

Communication
Option: None
Rationale: None

Application
Option: None
Rationale: None

Other Details

Consequence
Option: property, delay, theoretical_consequence
Rationale:
(a) death: People lost their lives due to the software failure - There is no mention of people losing their lives due to the incident reported in the articles [85740, 85695].
(b) harm: People were physically harmed due to the software failure - There is no mention of people being physically harmed due to the incident reported in the articles [85740, 85695].
(c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted due to the incident reported in the articles [85740, 85695].
(d) property: People's material goods, money, or data were impacted due to the software failure - The incident involved a critical fire-fighting system malfunction on the Boeing Dreamliner fleet, which could potentially compromise the safety of passengers and crew [85740, 85695].
(e) delay: People had to postpone an activity due to the software failure - Pilots expressed concern that if there was an engine fire on a transatlantic flight and the aircraft had one of the defective fire switches, they would have to fly with a burning wing for up to three hours before they could safely land, indicating potential delays in emergency response [85740, 85695].
(f) non-human: Non-human entities were impacted due to the software failure - The incident primarily concerned the potential safety risks to passengers and crew from the malfunctioning fire-fighting system on Boeing's Dreamliner fleet, with no specific mention of non-human entities being impacted [85740, 85695].
(g) no_consequence: There were no real observed consequences of the software failure - The articles clearly outline the potential consequences and safety risks associated with the incident, indicating real observed consequences [85740, 85695].
(h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss potential consequences of the fire-fighting system malfunction, such as the risk of an uncontrollable airline fire and the need for manual checks every 30 days to prevent potential incidents; these are theoretical consequences that have not yet occurred [85740, 85695].
(i) other: Was there a consequence of the software failure not described in options (a) to (h)? - The articles do not mention any other specific consequences beyond the potential safety risks and delays discussed in relation to the malfunctioning fire-fighting system on Boeing's Dreamliner fleet [85740, 85695].

Domain
Option: transportation
Rationale: The failed system belongs to the transportation industry. The incident specifically affected the fleet of Boeing B787 Dreamliner aircraft, which carry passengers and cargo by air [Article 85740, Article 85695]. The malfunctioning fire-fighting system posed a safety risk to the flying public and raised concerns among pilots about the safety of passengers and crew during flights [Article 85740, Article 85695]. The FAA issued directives and alerts concerning the potential failure of the fire-fighting system on these aircraft, emphasizing the importance of safety checks and inspections to mitigate the associated risks [Article 85740, Article 85695].
