Incident: Ford Fusion Hybrid Braking Software Glitch Investigation

Published Date: 2010-02-04

Postmortem Analysis
Timeline 1. The software failure incident with the Ford Fusion and Mercury Milan hybrids occurred in October, as indicated by Ford spokesman Said Deep mentioning that they started to see indications of the glitch in October [593]. Therefore, the software failure incident happened in October.
System 1. Ford Fusion and Mercury Milan hybrids built on or before October 17, 2010 2. Software glitch causing the car to shift unnecessarily from regenerative braking into conventional mode [593]
Responsible Organization 1. Ford Motor Co - Ford acknowledged a software glitch on Ford Fusion and Mercury Milan hybrids that could cause a loss of braking due to the car shifting unnecessarily from regenerative braking into the conventional mode [593].
Impacted Organization 1. Consumers who owned Ford Fusion and Mercury Milan hybrids built on or before October 17 were impacted by the software failure incident [593].
Software Causes 1. A software glitch on Ford Fusion and Mercury Milan hybrids built on or before October 17 caused drivers to perceive a loss of braking as the car shifted unnecessarily from regenerative braking into the conventional mode [593].
Non-software Causes 1. The braking problems in Ford Fusion and Mercury Milan hybrids were caused by a software glitch that led the car to shift unnecessarily from regenerative braking into conventional mode, affecting the braking system [593].
Impacts 1. Ford Motor Co had to fix up to 17,600 hybrid sedans due to braking problems caused by a software glitch [593]. 2. Consumer Reports experienced a braking incident where the brake pedal sank further than normal, warning lights lit up the dashboard, and the car coasted to a stop with minimal brake feel [593]. 3. The National Highway Traffic Safety Administration received complaints from motorists claiming minimal resistance in the Fusion hybrid brakes due to the software glitch [593]. 4. Ford faced criticism for not notifying consumers about the braking issue right away, similar to the situation Toyota faced with its Prius [593]. 5. Ford did not consider the software glitch a full-on recall but initiated a customer satisfaction program to upgrade the software on affected vehicles [593].
Preventions 1. Implementing thorough testing procedures during the software development phase to detect and address any potential glitches or bugs [593]. 2. Conducting more extensive real-world testing scenarios to simulate various driving conditions and situations that could trigger the software glitch [593]. 3. Improving communication channels between different departments within the company to ensure prompt notification and action on identified issues [593].
Fixes 1. Upgrading the software on the Ford Fusion and Mercury Milan hybrids built on or before October 17 to resolve the software glitch causing the braking issue [593].
References 1. National Highway Traffic Safety Administration database 2. Consumer Reports 3. Ford Motor Co spokesperson Said Deep

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident related to braking problems in hybrid vehicles occurred at Ford Motor Co. The incident involved a software glitch on Ford Fusion and Mercury Milan hybrids that could cause a loss of braking perception due to the car shifting unnecessarily from regenerative braking into conventional mode [593]. (b) The software failure incident related to braking problems in hybrid vehicles also occurred at Toyota Motor Corp. Toyota was grappling with reported braking problems on its market-leading Prius hybrid, where brakes had momentary issues after motorists rolled over potholes or bumps, allegedly causing crashes [593].
Phase (Design/Operation) design (a) The software failure incident in the Ford Fusion and Mercury Milan hybrids was related to the design phase. Ford identified a software glitch in the hybrids built on or before October 17 that caused a loss of braking perception as the car shifted unnecessarily from regenerative braking into the conventional mode. This glitch led to the brake pedal needing to be pushed further down to engage the conventional brakes, creating a disconcerting experience for drivers [593]. (b) The software failure incident was not attributed to the operation phase or misuse of the system in the articles provided.
Boundary (Internal/External) within_system (a) within_system: The software failure incident with the Ford Fusion and Mercury Milan hybrids was attributed to a software glitch within the system. Ford mentioned that the glitch could cause drivers to perceive a loss of braking as the car shifts unnecessarily from regenerative braking into the conventional mode [593]. The issue was identified by Ford in October, and they started to see indications of the glitch at that time. The fix for the problem involved upgrading the software on the affected vehicles to address the issue [593]. (b) outside_system: There is no specific mention in the articles about the software failure incident being caused by contributing factors originating from outside the system. The focus of the incident was on the internal software glitch within the Ford and Mercury hybrid vehicles that led to braking problems.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident in this case was attributed to a non-human action, specifically a software glitch on Ford Fusion and Mercury Milan hybrids built on or before October 17. This glitch caused the car to shift unnecessarily from regenerative braking into the conventional mode, leading to a loss of braking and minimal brake feel for drivers [593]. (b) Human actions were also involved in this incident as Ford Motor Co waited to announce the possible braking issues despite knowing about them for months. This delay in informing consumers about the problem raised criticism, especially in contrast to Toyota's handling of a similar braking issue on its Prius hybrid [593].
Dimension (Hardware/Software) software (a) The software failure incident in this case was attributed to a software glitch on Ford Fusion and Mercury Milan hybrids built on or before October 17. The glitch caused drivers to perceive a loss of braking as the car shifted unnecessarily from regenerative braking into the conventional mode. This issue was not classified as a full-on recall by Ford as they did not see it as a brake failure, but rather a software problem. Ford announced that they would upgrade the software on the affected vehicles to address the issue [593]. (b) The software failure incident was specifically linked to a software glitch in the Ford Fusion and Mercury Milan hybrids. The glitch caused the braking problem by shifting the car from regenerative braking to conventional braking mode unexpectedly, leading to a loss of braking feel for the drivers. Ford identified this issue as originating from a software problem and announced plans to resolve it through a software upgrade for the affected vehicles [593].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident related to the braking problems in Ford Fusion and Mercury Milan hybrids was non-malicious. Ford identified a software glitch that caused the cars to shift unnecessarily from regenerative braking into conventional mode, leading to a loss of braking perception for drivers [593]. The issue was not seen as a brake failure, and Ford categorized the response as a customer satisfaction program rather than a full-on recall, as the cars still maintained full conventional braking capability [593]. (b) The software failure incident was not malicious, as there is no indication in the articles that the glitch was introduced with intent to harm the system. It was a technical issue that affected the braking system's performance in certain driving conditions.
Intent (Poor/Accidental Decisions) accidental_decisions (a) The software failure incident related to the braking problems in Ford Fusion and Mercury Milan hybrids was not due to poor decisions but rather an accidental decision or mistake. Ford acknowledged a software glitch that caused the cars to shift unnecessarily from regenerative braking into conventional mode, leading to a loss of braking perception for drivers. The automaker had known about the issue for months but waited until Consumer Reports highlighted the problem before announcing a fix. Ford considered it a customer satisfaction program rather than a full recall, emphasizing that the cars still maintained full conventional braking despite the glitch [593].
Capability (Incompetence/Accidental) development_incompetence (a) The software failure incident related to development incompetence is evident in the article. Ford Motor Co acknowledged a software glitch on Ford Fusion and Mercury Milan hybrids that could cause drivers to perceive a loss of braking due to the car shifting unnecessarily from regenerative braking into the conventional mode. Ford had known about this issue for months but waited until Thursday to announce it, similar to the criticism Toyota faced for not notifying consumers promptly about braking problems on its Prius [593]. (b) The software failure incident related to accidental factors is also apparent in the article. Consumer Reports mentioned an incident where one of its engineers ran a stop sign in a residential area due to the brake pedal sinking further than normal and warning lights lighting up the dashboard. The car coasted to a stop with minimal brake feel, indicating an accidental failure caused by the software glitch [593].
Duration temporary The software failure incident related to the braking problems in Ford Fusion and Mercury Milan hybrids was temporary. The incident was caused by a software glitch that could cause the car to shift unnecessarily from regenerative braking into conventional mode, leading to a perception of loss of braking. Ford addressed this issue by offering a software upgrade to resolve the glitch, indicating that the failure was temporary and could be rectified through a software fix [593].
Behaviour value, other (a) crash: The software failure incident in the Ford Fusion and Mercury Milan hybrids was not a crash where the system lost state and did not perform any of its intended functions. The issue was related to a software glitch causing a perception of loss of braking as the car shifted unnecessarily from regenerative braking into the conventional mode [593]. (b) omission: The software failure incident was not due to the system omitting to perform its intended functions at an instance(s). The issue was more related to a glitch causing a perception of loss of braking rather than a complete omission of braking function [593]. (c) timing: The software failure incident was not due to the system performing its intended functions too late or too early. The issue was more related to a glitch causing a perception of loss of braking rather than a timing issue [593]. (d) value: The software failure incident was due to the system performing its intended functions incorrectly. The software glitch caused the brake pedal to sink further than normal, warning lights to light up, and the car to coast to a stop with minimal brake feel, leading to a perception of loss of braking [593]. (e) byzantine: The software failure incident was not due to the system behaving erroneously with inconsistent responses and interactions. The issue was more related to a glitch causing a perception of loss of braking rather than inconsistent responses or interactions [593]. (f) other: The other behavior observed in the software failure incident was the system shifting unnecessarily from regenerative braking into the conventional mode, leading to a perception of loss of braking. This behavior was not a typical crash, omission, timing, or byzantine failure but a specific glitch causing a particular response in the braking system [593].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence theoretical_consequence (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The articles do not mention any consequences such as death, harm, impact on basic needs, property damage, or non-human entities due to the software failure incident. The main consequence discussed is related to the potential risk of braking issues in Ford Fusion and Mercury Milan hybrids, leading to a loss of braking perception for drivers, but Ford stated that the vehicles still maintain full conventional braking capability. The incident resulted in a formal probe by U.S. safety regulators and Ford's decision to upgrade the software to address the issue, aiming at customer satisfaction and safety.
Domain transportation (a) The software failure incident reported in the articles is related to the automotive industry, specifically affecting hybrid sedans like the Ford Fusion and Mercury Milan [593]. The issue was with the braking system of these hybrid vehicles, caused by a software glitch that led to a loss of braking perception for drivers.

Sources

Back to List