Mars Climate Orbiter
When the designers and developers don’t communicate well enough, bad things happen.
Consider the Mars Climate Orbiter, which was launched on 3 January 1999.
Mars is a long way from earth. To get a spacecraft from earth to Mars, you can’t just point it at Mars and fire the rockets. You have to calculate a trajectory that will get the spacecraft from earth to where Mars will be when the spacecraft arrives. That trajectory must be extremely accurate, or the spacecraft will miss Mars.
Rockets that are powerful enough to escape the earth’s gravity have more to do with brute force than with precision. They’ll put the spacecraft on more or less the right trajectory, but the spacecraft will have to make a mid-course correction whose direction and magnitude are based on our observations of how far off-course it is. When the Mars Climate Orbiter made that mid-course correction, it remained off course, so the team had to do another. Wait and observe—still off course. Another mid-course correction, wait and observe—still off course. The Mars Climate Orbiter never did reach the correct trajectory, and was eventually lost without accomplishing anything at all.
Why? The investigation said there were eight contributing factors. Two of those factors:
- some communications channels among project engineering groups were too informal
- the process to verify and validate certain engineering requirements and technical interfaces between some project groups, and between the project and its prime mission contractor, was inadequate
To put it more plainly:
The Mars Climate Orbiter was a total failure because the implementors of one software component thought the mid-course correction thrust was supposed to be measured in metric units (Newtons), while the implementors of another component thought thrust was supposed to be measured in English units (pounds).
That should have been spelled out within an internal specification, right? It was. The spec said thrust is given in Newtons. One of the development groups didn’t read the spec with enough care. Their carelessness, combined with inadequate integration testing and unwillingness to consider software errors as a cause of the spacecraft’s anomalous trajectory, cost 125 million dollars.
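The same mismatch in code, as an added illustration that is not part of the original article: a thrust value handed across a component boundary as a bare float, beside an interface that carries the unit with the value and converts it explicitly. The component names and thrust values are constructed for the example.

```python
"""Added example: a unit mismatch at a software interface, and a typed boundary
that refuses to let it pass silently.  Values below are constructed."""
from dataclasses import dataclass

LBF_TO_N = 4.4482216152605  # one pound-force expressed in newtons (exact)


# --- Unsafe interface: the spec says newtons, but nothing enforces it ---
def producer_reports_thrust_lbf() -> float:
    # One component computes thrust in pounds-force and emits a bare number.
    return 10.0


def apply_correction_unsafe(thrust_newtons: float) -> float:
    # The consuming component assumes newtons.  A bare float carries no
    # unit, so a 4.45x error crosses the boundary without any signal.
    return thrust_newtons


# --- Safe interface: the unit travels with the value ---
@dataclass(frozen=True)
class Force:
    value: float
    unit: str  # "N" or "lbf"

    def to_newtons(self) -> float:
        if self.unit == "N":
            return self.value
        if self.unit == "lbf":
            return self.value * LBF_TO_N
        raise ValueError(f"unknown force unit {self.unit!r}")


def apply_correction_safe(thrust: Force) -> float:
    # The boundary accepts only a Force; a stray float is rejected and
    # any conversion happens in one explicit, reviewable place.
    if not isinstance(thrust, Force):
        raise TypeError("thrust must be a Force carrying an explicit unit")
    return thrust.to_newtons()


def interface_check() -> float:
    # Integration-style check: feed both paths the same physical thrust and
    # return how far the unsafe path is off.  Ratio of ~4.45 means the
    # consumer silently treated pounds-force as newtons.
    reported = Force(producer_reports_thrust_lbf(), "lbf")
    unsafe = apply_correction_unsafe(reported.value)
    safe = apply_correction_safe(reported)
    return safe / unsafe
```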
Watch out for independent evolution of subsystem specifications. Don’t let developers rely on their own opinions instead of paying attention to what it says in the specification.