DO-178C
What Is DO-178C?
DO-178C, formally titled "Software Considerations in Airborne Systems and Equipment Certification," is a comprehensive standard that guides the entire software lifecycle in aviation. It establishes a rigorous, objective-based framework for software development, verification, and validation to ensure that safety-critical airborne software performs reliably.
DO-178C has separate standards that supplement it in the following areas:
- Object Orientation (DO-332)
- Formal Methods (DO-333)
- Model-based SW Engineering (MBSE) (DO-331)
DO-330 is itself a stand-alone standard that can be used independently.
Replacing DO-178B, it incorporates modern practices such as model-based design and object-oriented programming and clearly defines both the objectives to be met and the evidence required for certification compliance. As with other safety standards, the credibility of this evidence strongly depends on the correctness and suitability of the software tools and libraries used throughout the development and verification lifecycle.
Why Is DO-178C Important for Aviation Safety?
DO-178C is vital to aviation safety as modern aircraft increasingly depend on complex software for critical operations such as navigation, flight control, and communication. Software failures in these areas can be catastrophic. By enforcing a structured and thorough approach to development and verification, DO-178C significantly reduces the risk of systematic software defects and supports compliance with stringent regulatory expectations.
In practice, achieving this level of confidence requires not only disciplined processes, but also qualified development and verification tools, especially for higher Design Assurance Levels. Ensuring tool correctness and predictable behavior is therefore a key enabler for demonstrating compliance and successfully completing certification audits.
How Does DO-178C Handle Libraries?
While tools are handled in the separate DO-330 standard, pre-existing software is handled directly in DO-178C. Chapter 12.1 covers pre-existing software and requires performing a complete gap analysis against previous projects. If the software comes from the open-source community, it typically requires a re-qualification against requirements using complete test cases and code coverage executed on the target hardware (integration test). This is similar to what other standards call “Library Qualification” but provides a lot of flexibility through the gap analysis.
What Are the Design Assurance Levels (DALs) in DO-178C?
A key concept in DO-178C is the Design Assurance Level (DAL), which classifies software based on the severity of potential failure conditions. There are five levels—A through E—with Level A representing the most critical software (where failure could lead to catastrophic outcomes) and Level E the least. Each level dictates the required rigor in development and verification to ensure appropriate safety assurance.
The equivalent in ISO 26262 is the Automotive Safety Integrity Level (ASIL), which ranks software criticality from ASIL D (highest) to ASIL A (lowest), with QM (Quality Management) for non-safety-related components. Like DALs in DO-178C, ASILs determine the required rigor in development and testing based on the assessed safety risk.
How Does DO-178C Compare With ISO 26262?
While both DO-178C and ISO 26262 are functional safety standards designed to mitigate unacceptable risk, they apply to different domains (aviation and automotive, respectively) and adopt distinct methodologies tailored to their industry's specific needs.
DO-178C is tailored for airborne software and has a long-established role in aviation, emphasizing rigorous verification and validation. It assigns Design Assurance Levels (DALs) solely based on the severity of potential failure effects.
In contrast, ISO 26262 targets electrical and electronic systems in road vehicles and defines Automotive Safety Integrity Levels (ASILs) by evaluating three factors: severity, exposure, and controllability of hazardous events.
While both standards emphasize structured development, traceability, and independent verification, ISO 26262 covers the entire lifecycle of automotive electrical/electronic (E/E) systems—from concept to decommissioning—including hardware and system-level aspects.
In contrast, DO-178C focuses primarily on software for airborne systems. Despite these differences, both share core principles such as safety-by-design, systematic processes, and robust verification, making expertise in one often transferable to the other.
How Validas Supports DO-178C Projects
Validas brings cross-domain expertise in tool and software library classification and qualification for safety-critical systems, supporting organizations working under DO-178C and the related DO-330. Validas places special emphasis on the qualification of pre-existing software (“libraries”).
Validas helps aerospace organizations to:
- Systematically classify tools based on their impact on safety objectives
- Qualify tools and software libraries in accordance with DO-178C / DO-330 expectations
- Perform a tool chain analysis to reduce the TQLs in compliance with DO-330 FAQ D.2 (“Can TQLs be reduced?”)
- Create audit-ready, reusable qualification evidence, reducing certification effort and risk
By focusing on tool confidence and evidence quality, we enable aviation software teams to meet DO-178C / DO-330 requirements efficiently without compromising safety or certification robustness.