Originally Posted by
InOmaha
The key to containing catastrophic failures is designing a proper limp or safe mode for each system. Separating key systems into smaller autonomous systems that pass information through a main system with backup and a safe shutdown, etc.
The problem is what it usually is: hubris on the part of the engineers. If they build in a failsafe at all, it's often still dependent on electronics rather than good old-fashioned physically airgapping the failed system from the essential ones that could still work without it. To use the example of the electric power steering, you need a way to completely physically disengage that motor from the steering system, not just tell the software to stop turning it or cut power and have to drag against it.