01 therac-25

Upload: jason-weiss

Post on 13-Apr-2018


Oscar Guillermo Castro
Dr. Aktunc
Software Quality Assurance
8 September 2014

A Tale of Ignorance and Bliss

Therac-25 was designed as a medical linear accelerator (linac) by Atomic Energy Commission Limited (AECL) and CGR. Linacs accelerate electrons to create energy that burns tumors with radiation while causing minimal damage to the surrounding area. Therac-25 was built upon its predecessors' design, the Therac-6 and Therac-20. Therac-6 and 20 were designed and tested products that did not include any software. AECL and its affiliates constantly neglected to examine the software quality of the Therac-25. The authors of the article state, "Many companies building safety-critical software are not using procedures from a software-engineering and safety-engineering perspective." This accurately summarizes the failures of Therac-25. Its undoing is in great part due to AECL's failure to recognize faulty software and its dismissal of the opinions of others.

Therac-25's failure can be attributed to two causes. The first was the decision to reuse software that was designed to function alongside hardware safety locks. Therac-20 and Therac-6 (T20, T6) were implemented with the PDP 11, which was also used for the T25. The PDP 11 systems used by the T20 and T6 did not have their safety mechanisms controlled by a computer. In addition, bugs found on the T25 appeared on the T20, suggesting that safety-critical operations were carried over to the T25. Although the T25 and T20 share many features in common, as well as structural similarities, their safety mechanisms are too different. Essentially, software from the T20 was copied over to the T25. Copying software from a machine that is designed to work mainly without computerized safety locks to a machine that does spells a world of lawsuits. This may have been done in order to cut costs but ended up hurting the company. For a product that can potentially be life-threatening to be in a workplace where people's lives depend on administering small doses of harmful radiation requires, at a minimum, safety protocols to be in place. Even though software may have been the main culprit for the Therac-25's failure, faulty hardware was still in place. On page 6 of the article, the authors note that a turntable was at fault for causing some errors but later state that the quality of the software was also at fault.

The second cause was AECL's reluctance to acknowledge that their software was faulty. On several occasions, readers can see that AECL did not consider that their software could present serious issues. At the Kennestone Regional Oncology Center, Tim Still contacted AECL about an issue where a patient felt burned (possibly due to overdosing the amount of MeV), but AECL responded that "that's not possible." Even though burns believed to have been from radiation appeared on a patient, AECL and operators of the T25 did not think the machine was at fault. After a case where a patient died while the Therac-25 was in operation, AECL began to investigate the source of the issue. In the end, the company could not reproduce the problem nor find a solution.