There are things you can do other than just
driving the vehicle around, and in every other
industry except cars, that’s what you do
to get safety.
You look at the design quality of the software.
You make sure that all the code has been looked
at by other people—it’s called peer review.
You actually test little pieces of the software
to make sure that they each work independently.
You do other things as well, and the idea
is to not just drive the car around and see
how well it does, but in fact to use a rigorous
engineering process to make sure the code
is of high quality.
One of the things you can do for cars is follow
one of the safety standards.
There’s a safety standard called ISO 26262,
which is specifically for car software and
car functional safety, and there’s no reason
you can’t be following that for a self-driving
car.
It’s true that some car functions, such
as full autonomy, were not really envisioned
in the original 26262 standard.
However, that doesn’t give you a free pass.
You should use it as much as you can, and
for the autonomous functions, you have to
have a good story to tell that isn’t simply
“we drove it around a lot and it seems to
be okay.”
