1. Simulation vs Public Shadow Driving AI and Testing
Unless you want to shadow drive 1 Trillion miles and spend over $300B, you will have to use simulation and simulators as the primary means of AI and testing. There is also the issue of shadow driving being dangerous because of slow reaction times and drivers falling asleep. (That alone can stop your program due to lawsuits and even criminal action.) This is not brutally evident yet because there is still very little driving in dangerous situations and/or in bad weather with bad road conditions.
A Trillion miles takes 228k vehicles driving 24x7 for 10 years. That is 684k drivers. Do the math on that cost. My $310k estimate is on the low end. Just cars, drivers and gas.
(Yes, simulation and simulators can do what is needed.)
2. Sensor Redundancy and Accuracy at All Times
Every sensor has to be redundant. All the way down to power and the sensors.
In order to have the highest data accuracy in all situations, multiple sensor types are needed. Each sensor has strengths and weaknesses. This is especially true of LIDAR and cameras, which have weaknesses in bad weather, spoofing and certain textural situations. You need to either resolve those or go to 3D radar. (Anyone talking to Lockheed’s Aegis radar folks?)
Those multiple sensor types have to be integrated or fused in a system that ensures the best solution is chosen at all times. This will need to be a probability and priority filter.
Regarding detailed mapping. I never see this discussed. You have to have a worldwide process that ensures every map is the same for everyone. You cannot, at any time, have vehicles in the same area having different critical ground truth. And you have to deal with near or actual real time updates and integrating with the other sensors. (I understand the crowd sourced map updating idea. Not easy to do, lots of redundant data to deal with and it’s a long way off).
3. Scenario Matrix
As MCity (University of Michigan) suggests there is a set of scenarios that if experienced and handled properly encompass all scenarios. The industry needs to either ascertain that or determine the minimal set of scenarios and their variations to cover the highest level of community due diligence. Clearly perfection is not possible. But let’s not let perfection deter our best due diligence. Get all the experts together from across the domains and do the best humanly possible.
Even if you have hundreds of thousands or millions of vehicles driving around stumbling and restumbling on scenarios you need a checklist to at least ensure minimal scenario redundancy or to avoid missing obvious things like unique traffic patterns and their variations.
4. Using Actual Best Systems Engineering Practices
No, not even A-Spice is enough. A-Spice is far better than the Commercial IT world, which has almost nothing. But it falls short in several areas. Go to NASA and DoD systems engineering practices. (If you stay with A-Spice I do not believe that is automatic failure. But it will cost you valuable time.)
Traditional Agile cannot get you there. You need to include top down scope, design, integration and test. Try a Waterfall-Agile Hybrid.
Use Diagrams vs text based Use Cases and Stories. Create a progressive and integrated set of requirements, design and testing.
You need an overarching engineering team who works across all teams with one chief engineer. Do not create stove-pipes or business areas.
You must use the legitimate coding best practices suggested by DoD or JPL (beyond DO-178C). The key is exception handling and tripping over yourself. Commercial IT rarely deals with exception handling.
You need a single baseline with proper software configuration management. That doesn’t mean just Git. You are far better off with ClearCase and a CM team. But if you use Git you need a team, and they need to know actual best practices for maintaining a single baseline and branching to many sublines and smaller branches from that. You must be able to resource and build anything and everything at all times. No patching for eternity or avoiding whole baseline builds because you lost or never had real CM control.
Use actual systems engineers, not BAs and QA. While this one can be dealt with, it will make things much harder. The people who know the scope the best should test to make sure they got what they asked for. Use QA (who is really QC) to verify the integrity of that arrangement by providing test oversight.
Get to a legitimate and acting CMMI Level 5 even if you do not get certified.
5. Do the Hardest Things ASAP
If you do not create a special team to go off and solve the hardest scenarios and the cumulative impact of them, you may doom your business. That is for two reasons. You don’t have the time or money when you figure out you have a problem later or you have to make a massive architectural change that ripples through the system. If you do not have a group putting together ALL of the items I mentioned here and trying to solve them you are making a huge mistake. (Yes some of the activities will need to be in series. But a lot of it can be done in parallel and merged or integrated over time.)
6. Cybersecurity — Hacking/Weaponization
Most organizations, be it commercial or government, don’t actually use most best cybersecurity practices, especially around Privileged Account Security. And they don’t properly encrypt data or data links. Unless you actually do these you will get hacked, your data will be taken, you may be sabotaged and your vehicles turned into weapons.
And we cannot have companies giving away source code. That is a free ticket to weaponization and accidents.