International Aviation Software Summit 2021

About the Event

The International Aviation Software Summit is an international event for aviation software experts. The Summit occurred virtually June 23 and 24, 2021, was free to attend and included three hours of programming each day plus on-demand sessions.  The event, co-produced by EUROCAE and RTCA, Inc., gathered industry, government and academia professionals to collaborate on current software standards applications and create dialogue for future development.  The event addresses traditional and new entrant software needs and connects the audience to experts knowledgeable in the execution of software processes.  PRESS RELEASE: INTERNATIONAL AVIATION SOFTWARE SUMMIT

Printable Agenda:

Software Symposium Agenda

Live Sessions – Day 1 – Wednesday, June 23

International Aviation Software Summit Opening Panel.

In this Panel:

Terry McVenes, President and CEO, RTCA

Christian Schleifer-Heingärtner, Director General, EUROCAE

Patrick Ky, Executive Director, EASA

Ali Bahrami, Associate Administrator of Aviation Safety, FAA

The development of several new software applications is currently facing some challenges in the well-established software development process. The traditional way of software certification is not very well adapted for new applications. Therefore, to maintain the software standards suite and provide state-of-the-art software standards that satisfy both, established applicants and new entrants, EUROCAE and RTCA launched WG-117/SC-240 – Topics on Software Advancement nearly a year ago. Together with the Co-Chair of the joint group, Steve Cook, this panel will discuss topics towards a solid process to support the need of all software applicants by keeping established and reliable ways and to ensure a solid software development process within today’s fast-paced aviation ecosystem.


Steve Cook, NG Fellow, Airworthiness, Northrop Grumman


Martha Blankenberger, FAA DER, Rolls Royce

Alexey Kupriyanov, Head of Software Engineering, Lilium

Christophe Gabreau, Software Process Specialist, Airbus

Andy Hoag, Senior Director Integrated Products, Aireon

Terry McVenes of RTCA interviews Brian Meincke of ASTM and David Alexander of SAE on the organizations’ approach to software standards development and the applications of the standards.  The panelists will review the role of adjacent technologies in the influencing of software standards and provide highlights of current committee work.

In this Panel:

Terry McVenes, President and CEO, RTCA

Brian Meincke, Vice President, Global Business Development & Innovation Strategy, ASTM

David Alexander, Director of Aerospace Standards, SAE

Software advancement and evolution can bring new features to a marketplace faster than policy can change to regulate them.  Panelists discuss the following:

  1. What challenges do the various regulators see in the coming world of autonomous operations in aviation and on the road that will mostly be driven by software?
  2. What strategies are available to regulators that allow applicants to bring advanced technologies for approval that do will not exceed existing regulations but also will not stifle innovation?
  3. What advice can regulators offer software developers to ensure their systems are understood by regulators, will meet with approval quickly with minimal additional work, and will be accepted for use in consumer markets quickly.


Terry McVenes, President and CEO, RTCA


Maria Algar-Ruiz, Drone Programme Manager, EASA

Benedito Massayuki Sakugawa, National Civil Aviation Agency Brazil, ANAC

Dr. Michael Romanowski, Director of Policy & Innovation in the Aircraft Certification, FAA

Patrick Desbiens, Manager, Electronic Equipment Design Assurance, Transport Canada

Live Sessions – Day 2 – June 24

At the opening of the second day of the EUROCAE-RTCA International Software Summit, representatives from the FAA and EASA will discuss challenges and opportunities to accommodate innovation and new entrants in the current aviation system as well as the importance of internationally agreed standards that are robust, provide a stable baseline but at the same time reflect current industry best practices and the latest state of the art.


Christian Schleifer-Heingärtner, Director General, EUROCAE


Di Reimold, Deputy Director, Policy and Innovation, FAA Aircraft Certification Service, FAA

Hette Hoekema, Chief Expert – Avionics & Electrical Systems, EASA

Regulators and experienced DERs discuss the benefits and pitfalls of using the Software Supplements with DO-178C/ED-12C and DO-278A/ED-109A. The panelists share real world examples of both successes and challenges when using the supplements.


Mark Lillis, Vice Precident of Engineering, Triumph


Guillaume Soudain, Software Senior Expert, EASA

George Romanski, Chief Scientifi c and Technical Advisor, Computer Aircraft Software, FAA

Burak Ata, Head of Development Quality Assurance, Volocopter

Jeanne Larsen, Software Enigneering Fellow, Collins Aerospace

Amanda Melles, DAO Chief Airworthiness and TCCA SW/AEH Design Approval Appointee, Mannarino

We would like to solicit real world examples of both successes and challenges of using the supplements from any interested party. Please submit information here. Although not mandatory, if possible, include your contact information to allow us to contact you if more information is needed.

The joint EUROCAE/RTCA Forum on Aeronautical Software (FAS) has been established to provide a forum for those involved in the development of aeronautical software to share experiences and good practices and to provide a platform for the exchange of information regarding subjects addressed in the “software document suite”, new and emerging technologies, development methodologies, interesting use cases and other topics related to aeronautical software and related technologies. Clarifications on software related topics have been posted by EUROCAE and RTCA on their respective websites as FAS Topic Papers (FTP)s. In this short session, FAS Co-Chairs Patty Bath and Christophe Cucuron will revisit 10 years of FAS activities and look out to the future ahead.


Anna von Groote, Director Technical Programme, EUROCAE


Patty Bath, Software DER / Principal Engineer, AVISTA

Christophe Cucuron, Avionics Software Certification Expert, Airbus

Tom Ferrell of Joby Aviation and Oliver Reinhardt of Volocopter discuss challenges when using DO-178/ED-12 and the supplements and how they are applying the standards in software development.  Much discussion on these standards in the new entrant community focuses on a desired sequence of the events for software approvals.  Hear directly from the innovators in the community as they share their experience and knowledge on application of the standards and how this applies to UAM/UAS manufacturers.


Al Secen, Vice-President, Aviation Technology and Standards, RTCA


Tom Ferrell, Senior Certification Engineer and FAA DER, Joby

Oliver Reinhardt, Chief Risk and Certification Officer (CRO), Volocopter

On-Demand Sessions

The EUROCAE WG-114 (together with the SAE G-34) main objective is to create the first standard for the development and certification/approval of aeronautical products based on AI-technology. The scope encompasses ground-based equipment and airborne vehicles, including Unmanned Aerial Systems (UAS) products. As a starting point, the group worked on a statement of concerns in order to align the aeronautical ecosystem stakeholders (Industries and Regulation Authorities) and in particular provided a gap analysis with the main avionic standards. This presentation will present the highlights of the analysis focusing on ED-12C/DO-178C (and its supplements) and ED-109A/DO-278A, and the current considerations about interfacing the current software standards.

For highly critical and complex software applications in modern avionics the necessity to provide assurance that data coupling and control coupling within a software application has been adequately exercised, during verification activities, is an important activity in the elimination of potential errors. How to exactly satisfy the Data Coupling and Control Coupling objective in DO-178C has often been misunderstood. This presentation will provide a detailed approach to systematically identify all data couplings and control couplings so that performing the analysis in a complete and consistent way becomes achievable. The strategy identified can be extended to include highly complex platforms, such as IMA and Multicore processors, and enable the identification of additional verification that may be required on such complex platforms.

Ad-hoc testing has been the go to answer to get safety-critical software tested and released quickly, while ensuring that the system is meeting its basic functional and operability needs. It provides an environment that can produce good data without being bogged down by the formality of a typical qualification/certification process. During a typical effort, once the ad-hoc testing is complete a formal effort is then started to provide complete, formal coverage for certification purposes. CS Group USA created a data mining toolset (TAPES) which can leverage existing system or flight test data to reduce significantly the software integration and unit testing in compliance with DO-178C.

Efforts towards certification, proving fitness-for-purpose and reliability of Machine-Learning based systems for safety-critical applications are centring around three complementary approaches: Learning Assurance, Runtime Safety Monitoring and Explainability.  EASA refers to all three in their recently published first guidelines for Level 1 machine learning applications. This talk will attempt to disentangle what is meant by each and compare their weaknesses and strengths.

In the context of 2017/373 Software AMC & GM it is presented that SWAL allocation could be a way to demonstrate an adequate level of confidence. But today how to allocate the SWAL. This critical process is described in ED-153. But it relies on severity classification scheme as per repealed regulations. This short presentation presents a possible update of the ED-153 SWAL allocation process fully compliant with 2017/373 and reusing ED-153 allocation concepts.

We are interested in the problem of elevating the safety of drone systems to meet the new regulation aspects and the drone manufacturers constraints of prototyping, industrialization and budgets. Today, the drone manufacturers are facing the challenge of adapting their systems to new regulations rapidly and at a reasonable cost. The new regulation sometimes requests certified subsystems, in particular for flight controller, hence compliant to aeronautics standards i.e. DO-178C, DO-254, for some drone performing critical operations. For AirTaxi drones, a certified autopilot is mandatory.  In this context, we present Pulsar Factory, a development framework to accelerate and facilitate the development of DO-178C compliant flight controllers and autopilots for specific aircraft. Pulsar Factory allows manufacturers to easily integrate specific control and command laws of their drone, to make rapid prototypes and flight (or iron bird) tests. Once the control and command laws are validated, the manufacturer can go faster to certification by developing only this specific part with the Pulsar Factory compliant guidelines. All others components of the Flight Controller will be reused and off the shelf. In this presentation, we will introduce the main orientations of regulation. We will discuss also how this framework represents a way to a certifiable and tailor-made autopilot.

Considering cybersecurity attacks, implementation useful functions such tablet operation threaten flight operation. An example of identification of threats from system design of human control system by STPA-SEC is introduced in the presentation. STPA-SEC is described as a reference method in DO-356 Airworthiness Security Methods and Considerations, Appendix G.

The presentation explains detailed steps applying STPA-SEC to threat assessment combined with STRIDE to identify threat scenarios. It also presents risk assessment which assesses how safety requirement such as design constrains address cybersecurity risk, and any mitigation method is required or not.

Introducing the example of human control system in the industrial field contributes to applying STAP-SEC with STRIDE to aircraft systems.

STRIDE: Threat Analysis model, S: Spoofing, Tampering, Repudiation, Information, Disclosure, Denial of Service

The material provides high-level insight on the usual certification pitfalls, processes flaws, project cost, recommended practices and maintainability aspects of DO-178C programs. The presentation focuses on the most common challenges for development, verification and certification of safety critical software.


How to avoid common mistakes in certification, processes, tool use and selections

How to apply DO-178C guidance in the real world

How to optimize Verification activities

How the certification process and certification authorities oversight is handled

How to succeed in Audits and Reviews

The costs associated with DO-178 projects

The Overarching Properties Working Group (OPWG) was created under the FAA’s Streamlining Development Assurance Initiative. The purpose of the OPWG was to define a set of properties that if an Applicant could demonstrate that their system possessed all properties, then that system could be approved for use. The OPWG has defined the following overarching properties:

Intent: The defined intended behavior is correct and complete with respect to the desired behavior

Correctness: The implementation is correct with respect to its defined intended behavior, under foreseeable operating conditions

Innocuity: Any part of the implementation that is not required by the defined intended behavior has no unacceptable safety impact

The current focus of the OPWG is on the use of assurance cases as a means for an Applicant to demonstrate their system possess the Overarching Properties.

This presentation will provide a brief overview of the Overarching Properties Working Group, the products produced, in process, and possible future products.

The 4-part track includes the following presentations:

  1. Intro to OP and OPWG (Jim Chelini, Chair of the Overarching Properties Working Group)
  2. Construction and review of OP related Arguments (Michael C. Holloway (NASA))
  3. Utopia Project (Zamira Daw (Raytheon))
  4. QGen (Tony Aiello (AdaCore))

The Panel will cover development assurance and safety assessment considerations for autonomous systems. We will speak to these processes, defined in SAE ARP4754A and SAE ARP4761, respectively.  These processes provide methods for developing functionality for systems and means for identifying and mitigating associated hazards.  This discussion will also consider some new challenges that autonomy presents to those processes. In particular, we will discuss the identification and response approach to gaps regarding autonomy, AI, and adjacent topics that the represented committees and sub-committees are working to address. This panel will provide perspectives on this process, gaps, and potential solutions from the perspectives of autonomy, artificial intelligence, and conventional aviation.


Certain sessions are now available for viewing on YouTube.  WATCH

Software Summit Silver Sponsors


Thank you to our Media Sponsors