Manifesto for Slow Software Development

Historical Examples: when software fails, life pays the price

The value “Bug-free software over working software” is not hyperbole. Below, documented cases where software bugs cost lives, billions of dollars, or nearly altered the course of history.

Therac-25 — the radiation therapy machine that killed (1985–1987)

The Therac-25 was a linear accelerator for radiation therapy by AECL. To cut costs, the manufacturer removed physical safety interlocks and relied exclusively on software to prevent overdoses.

The software had race conditions and a safety flag that, when incremented instead of set, overflowed and zeroed the check. Result: the 25 MeV beam hit the patient without the tungsten target — a dose ~100 to 250 times higher than prescribed.

  • Consequences: at least 6 overdoses; 3 confirmed deaths.
  • Lesson: blindly trusting safety software without hardware redundancy turned a machine that cures cancer into one that killed.

Boeing 737 MAX / MCAS — 346 deaths (2018–2019)

The MCAS software commanded automatic dives based on a single angle-of-attack sensor. Boeing omitted MCAS from manuals and pilot training.

  • Consequences: 346 deaths. Global fleet grounded for 20 months.
  • Lesson: a flight control software hidden from pilots brought down two planes.

Patriot Missiles in Dhahran — 28 deaths (1991)

The bug: the system clock counted time in tenths of a second; the rounding error accumulated. After ~100 hours, the timing gate was delayed by ~0.34 seconds.

  • Consequences: 28 American soldiers killed.
  • Lesson: a silently growing rounding error cost 28 lives.

Ariane 5 Flight 501 — US$ 370 million in 37 seconds (1996)

The bug: code reused from Ariane 4; a value overflowed when converting 64-bit float → 16-bit integer.

  • Consequences: loss of >US$ 370 million.
  • Lesson: reusing “tested” software in another context can be fatal.

Knight Capital — US$ 440 million in 45 minutes (2012)

A technician forgot to copy the new code to 1 of 8 servers. The dead code reactivated and fired orders indefinitely.

  • Consequences: Loss of US$ 440 million; company forced into merger.
  • Lesson: forgetting to update 1 server in 8 destroyed a US$ 1.5 billion company in less than 1 hour.

← Back to Manifesto