In 1993, I was taking a course in Software Verification & Validation at the Univ of Houston Clear Lake, next door to Johnson Space Center and down the street from the IBM division doing the Space Shuttle software. That is the group that is CMM Level 5 and gets a bug report about once a year or so. It happened that the instructor of this course was a mid-level IBM tech guy in that organization. And he had stories...

After Challenger blew up, NASA demanded that every shuttle vendor report the cumulative probability that their component of the system would lead to a loss of vehicle accident. NASA took all those probabilities and came up with their best guess of the probability of a loss of vehicle accident for each flight. While Feynman praised the software process for the shuttle, the software group still had to come up with their number. So the instructor said they took all their statistics from the (individual, unique) software loads for each historical flight, and included the failures from their loss of vehicle accidents.

"Say what? The shuttle software hasn't had any loss of vehicle accidents." Well, turns out it had. Each unique software load for each mission is tested and trained against for many months before it flies. Sometimes they fail, just not yet in actual flight. For example, apparently one time the shuttle crew was practicing launch aborts, where the launch is aborted just after clearing the pad and the orbiter lands like a glider. About the only crew member involved in that is the pilot. Everyone else is just strapped in being bored, and after a few hours of sitting still, the co-pilot got "frisky." During the launch phase, he randomly tapped some keys on his keypad and ... BOOM! Loss of vehicle accident.

Monkeys at work! I suppose it could be argued that with all the bumping around during the launch phase, a stray hand could accidentally "fuzz" that keypad.