I stumbled on this fascinating article from another linked source. Here’s the original PDF taken from the Wayback Machine.
Here’s a quick summary:
Researchers who investigated the accidents found several contributing causes. These included the following institutional causes:
- AECL did not have the software code independently reviewed and chose to rely on in-house code, including the operating system.
- AECL did not consider the design of the software during its assessment of how the machine might produce the desired results and what failure modes existed, focusing purely on hardware and asserting that the software was free of bugs.
- Machine operators were reassured by AECL personnel that overdoses were impossible, leading them to dismiss the Therac-25 as the potential cause of many incidents.
- AECL had never tested the Therac-25 with the combination of software and hardware until it was assembled at the hospital.
We have come a long way from the original Therac and, of course, it is much safer now!