> I don't know how they can relax at all relative to their work.
They strictly follow procedures. If faulty code gets through to production and somehow causes a fatality, it's a failure of the procedures, not the individual developer. This works so well in aviation and yet seems completely non-existent in the automotive world.
The procedures exist and are 'followed', but there's a lot more time-to-market pressure. Manufacturing lines dictate the schedule and software must keep up no matter what.
When I worked on safety-critical products, it was actually really nice to be able to push back.
"We can't satisfy the safety case yet" is all you need to say to get your manager to cave.
If they want to take the risk upon themselves to sign off on a known-unsafe (technically; in practice it was already pretty good, just not good enough yet) device, and go to jail if something goes sideways, they can be my guest...
In practice, they preferred to come back next week and ask if we were done yet.
The project went wayyyy past the deadline, thanks for asking :-)
They strictly follow procedures. If faulty code gets through to production and somehow causes a fatality, it's a failure of the procedures, not the individual developer. This works so well in aviation and yet seems completely non-existent in the automotive world.