DO-178C

DO-178C (Software Considerations in Airborne Systems and Equipment Certification) is the primary standard used by the aviation industry to certify the safety of software in airborne systems, published by RTCA in 2011 as a successor to DO-178B. The standard defines five levels of software criticality — from Level E (no safety effect) to Level A (catastrophic failure) — and prescribes increasingly stringent objectives for each level, including requirements-based testing, structural coverage analysis, and independence of verification activities. The 'C' revision introduced explicit support for formal methods, model-based development, and object-oriented programming as alternative means of compliance, acknowledging that conventional testing alone cannot provide adequate assurance for the most critical software. DO-178C is often criticized for its bureaucratic weight — a Level A certification can generate tens of thousands of pages of documentation — but its defenders argue that this weight is the price of an safety record that remains extraordinary. The standard is not a technical specification but a social contract: it codifies the consensus of regulators, manufacturers, and airlines about what 'enough verification' means when lives are at stake. The related ARP4754A standard governs the system-level development process that produces the requirements DO-178C verifies.