Incident: Faulty Software Causes Volvo Engine Shutdown Recall

Published Date: 2016-02-20

Postmortem Analysis
Timeline: 1. The software failure incident of faulty software causing engine shutdown in Volvo cars happened in mid-2015 [40511].
System: 1. Engine and electric system [40511]
Responsible Organization: 1. Volvo [40511]
Impacted Organization: 1. Owners of Volvo cars [40511]
Software Causes: 1. The software failure incident was caused by faulty software that can briefly shut down the engine in Volvo cars, affecting models S60, V60, XC60, V70, and XC70 built from mid-2015 [40511].
Non-software Causes: 1. Faulty hardware components in the cars such as the engine or electric system [40511].
Impacts:
1. The software failure incident led to the recall of 59,000 Volvo cars, including more than 7,000 in the UK, due to the faulty software that can briefly shut down the engine [40511].
2. Owners of the affected cars were required to take their vehicles to the local dealership for a 30-minute no-fee fix, causing inconvenience to the customers [40511].
3. The glitch in the software was described as "unpleasant" by the group spokesman, Stefan Elfstrom, indicating a negative user experience [40511].
4. While the software failure incident did not result in any reported accidents, it still posed a potential safety risk to the drivers and passengers of the affected vehicles [40511].
Preventions: To prevent the software failure incident of Volvo cars being recalled due to faulty software that can briefly shut down the engine, the following measures could have been taken:
1. Thorough Testing Procedures: Implementing rigorous testing procedures during the software development phase could have helped identify and rectify the glitch before the cars were released to the market [40511].
2. Quality Assurance Checks: Conducting comprehensive quality assurance checks on the software to ensure its reliability and stability under various conditions could have prevented the issue [40511].
3. Continuous Monitoring: Implementing a system for continuous monitoring of software performance in real-world scenarios could have detected the glitch early on, allowing for a proactive fix before it became a widespread problem [40511].
Fixes: 1. Owners of the affected Volvo cars can take their vehicles to their local dealership for a 30-minute no-fee fix [40511].
References: 1. Group spokesman Stefan Elfstrom [40511]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | multiple_organization | (a) The software failure incident having happened again at one_organization: The article does not mention any previous incidents of a similar nature happening within Volvo or with its products and services. Therefore, there is no evidence to suggest that this specific software failure incident has happened again within the same organization. (b) The software failure incident having happened again at multiple_organization: The article mentions that Volvo is recalling 59,000 cars due to faulty software that can shut down the engine. This indicates that the software failure incident has affected multiple organizations (car owners) across 40 markets where the affected cars were sold, including Sweden, Britain, and Germany [40511].
Phase (Design/Operation) | design | (a) The software failure incident in the Volvo cars was due to a design issue related to faulty software that could briefly shut down the engine. This issue was present in five-cylinder diesel models built from mid-2015 [40511]. The glitch in the software was causing the engine and electric system to shut down briefly, requiring a fix at the dealership to address the issue.
Boundary (Internal/External) | within_system | (a) The software failure incident described in the article is within_system. The article mentions that Volvo is recalling 59,000 cars over faulty software that can briefly shut down the engine. The glitch is related to the software within the cars themselves, leading to the engine shutdown issue [40511].
Nature (Human/Non-human) | non-human_actions | (a) The software failure incident in this case is attributed to a glitch in the software that can briefly shut down the engine of Volvo cars. The article mentions that the glitch can be "unpleasant" but does not provide information about any accidents caused as a result, indicating that the failure was due to non-human actions [40511].
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident in the article is related to hardware. The article mentions that Volvo is recalling 59,000 cars over faulty software that can briefly shut down the engine. This indicates that the issue originates in the hardware of the cars, specifically in the interaction between the software and the engine system [40511].
Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident described in the article is non-malicious. It is a result of faulty software that can briefly shut down the engine in certain Volvo car models. The glitch is not attributed to any malicious intent but rather to a technical issue within the software itself. The company is taking proactive measures to address the issue by recalling the affected vehicles for a fix at no cost to the owners [40511].
Intent (Poor/Accidental Decisions) | unknown | The software failure incident involving Volvo's recall of 59,000 cars was due to faulty software that could briefly shut down the engine. The article does not provide specific details indicating whether the failure was a result of poor decisions or accidental decisions. It mentions that the glitch can be "unpleasant," but there is no information about any accidents caused as a result of the software issue. Therefore, based on the information provided in the article, it is unknown whether the software failure was due to poor decisions or accidental decisions.
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident in this case seems to be more related to accidental factors rather than development incompetence. The article mentions that Volvo is recalling 59,000 cars over faulty software that can briefly shut down the engine. The issue is described as a glitch, and the company spokesperson mentioned that the glitch can be "unpleasant," but there is no information about any accidents caused as a result. This indicates that the failure was not due to development incompetence but rather an accidental flaw in the software [40511].
Duration | temporary | The software failure incident mentioned in Article 40511 is temporary. The faulty software in Volvo cars can briefly shut down the engine, but both the engine and electric system start up again immediately after shutting down. This indicates that the failure is not permanent but rather temporary in nature [40511].
Behaviour | crash, other | (a) crash: The software failure incident in the article is related to a crash where the faulty software can briefly shut down the engine, causing the system to lose its state and not perform its intended function of keeping the engine running [40511]. (b) omission: There is no specific mention of the software omitting to perform its intended functions at an instance in the article. (c) timing: The article does not indicate that the software performed its intended functions too late or too early. (d) value: The software failure incident does not involve the system performing its intended functions incorrectly. (e) byzantine: The software failure incident does not exhibit the system behaving erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident in the article is related to a crash where the engine and electric system start up again immediately after shutting down, indicating a temporary loss of function [40511].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | unknown | (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? Based on the provided article, the consequence of the software failure incident was that there were no reported accidents or harm caused as a result of the glitch in the Volvo cars' software. The article mentions that the glitch can be "unpleasant," but there is no information about any accidents caused by the software failure. The engine and electric system start up again immediately after shutting down, indicating that the impact was not severe [40511].
Domain | transportation, unknown | (a) The failed system was intended to support the transportation industry. The software failure incident involved Volvo recalling 59,000 cars due to faulty software that could briefly shut down the engine [40511]. This directly impacts the transportation sector as the affected vehicles are part of Volvo's lineup of cars. (b) The failed system was intended to support the transportation industry. The software failure incident involved Volvo recalling 59,000 cars due to faulty software that could briefly shut down the engine [40511]. This directly impacts the transportation sector as the affected vehicles are part of Volvo's lineup of cars. (c) unknown (d) unknown (e) unknown (f) unknown (g) unknown (h) unknown (i) unknown (j) unknown (k) unknown (l) unknown (m) unknown
