PhD Defence in Informatics Engineering: "Towards Continuous Certification of Software Systems for Aerospace"

Candidate:
José Eduardo Ferreira Ribeiro

Date, Time and Location:
30th of June 2025, 14:30, Sala de Atos, Faculdade de Engenharia da Universidade do Porto

Title:
"Towards Continuous Certification of Software Systems for Aerospace"

President of the Jury:
Rui Filipe Lima Maranhão de Abreu (PhD), Full Professor, Department of Informatics Engineering, Faculdade de Engenharia da Universidade do Porto.

Members:
Miguel Mira da Silva (PhD), Full Professor, Department of Computer Science and Engineering, Instituto Superior Técnico da Universidade de Lisboa;

João Miguel Lobo Fernandes (PhD), Full Professor, Department of Informatics, Escola de Engenharia da Universidade do Minho;

João Carlos Pascoal Faria (PhD), Full Professor, Department of Informatics Engineering, Faculdade de Engenharia da Universidade do Porto;

João Gabriel Monteiro de Carvalho e Silva (PhD), Full Professor, Department of Informatics Engineering, Faculdade de Ciências e Tecnologia da Universidade de Coimbra (Co-Supervisor).

The thesis was supervised by Ademar Manuel Teixeira de Aguiar (PhD), Associate Professor of the Department of Informatics Engineering, Faculdade de Engenharia da Universidade do Porto.

Abstract:

Since the publication of the Agile Manifesto in 2001, Agile methods have evolved to become the dominant approach to software development across diverse domains. However, their adoption in safety-critical systems development, such as aerospace, remains limited, for reasons usually attributed to the stringent regulatory safety requirements imposed by domain-specific standards. This dissertation explores the applicability of Agile methods within the context of safety-critical aerospace software development, specifically under the guidelines of the DO-178C standard, and concludes that, contrary to common belief, Agile methods can also be used effectively in this context. The DO-178C standard, titled Software Considerations in Airborne Systems and Equipment Certification, is the principal certification guideline for aviation software for agencies such as the Federal Aviation Administration (FAA) and the European Union Aviation Safety Agency (EASA).

A key observation from discussions with professionals across different organizations and industries with strong safety requirements, including space, aerospace, railway, automotive, energy, and defence, is the widespread perception that traditional methods like the Waterfall model are indispensable, if not mandatory, for compliance and successful certification. This perception derives from the rigorous safety-related evidence required for certification. In aerospace software development, the minimal adoption of Agile methods and practices is attributed to the demands of DO-178C, which is regarded as a restrictive standard. However, contrary to this belief, DO-178C does not mandate any specific development method; it instead provides guidelines and objectives for producing the necessary safety-related evidence. This flexibility opens the possibility of adapting Agile methods to meet certification requirements while retaining their well-documented advantages of incremental delivery and adaptability to changing requirements.

This research examines whether Agile methods, particularly the Scrum framework, can be effectively integrated into the development of safety-critical aerospace software systems while maintaining full compliance with DO-178C. The study introduces Scrum4DO178C, a novel Agile-friendly process tailored to address the specific challenges of aerospace software development, including its extensive verification and validation (V&V) effort. Through a comprehensive review of the literature, industry practices and data, as well as real-world insights from an industrial case study involving a critical aerospace project (Software Level A – Catastrophic), the research evaluates the feasibility and benefits of this approach. The case study shows that Scrum4DO178C improves project performance, enhances responsiveness to changing requirements and reduces V&V effort in comparison with Waterfall, while fully complying with DO-178C.

The findings challenge the prevailing notion that Agile is inherently incompatible with safety-critical domains and suggest that, when adapted thoughtfully, Agile methods can complement rigorous standards such as DO-178C. By bridging the gap between Agile methods and practices and safety-critical development, this work advocates a paradigm shift in developing safety-critical software, promoting a more adaptive, customer-centric approach. Specifically, this research highlights Agile's capacity to accelerate knowledge acquisition through shorter delivery cycles and feedback loops, improve traceability, and manage late-stage requirement changes more efficiently, also in the aerospace domain.

Building on this foundational work, ongoing efforts are underway to enhance the Scrum4DO178C process through automation, enabling the automatic generation and reuse of the outputs required for DO-178C compliance. Additionally, future research will extend these concepts to other aerospace standards and safety-critical domains, ensuring their applicability and compliance across diverse regulatory frameworks. Supported by collaborative initiatives with universities (e.g. Master's thesis projects at the Faculty of Engineering, University of Porto (FEUP) and the Department of Informatics Engineering of the University of Coimbra (UC)) and industry partners, this research aims to reshape industry perceptions of Agile's role in safety-critical systems, fostering innovation and adaptability in these complex environments.

Keywords: Agile; Aerospace; DO-178C; FAA; Safety-critical; Software development.
