☢️ Imagine a machine designed to save lives—turning into a lethal weapon because of a few lines of code. The Therac-25 isn’t just a story about a bug; it’s a monumental lesson in how engineering hubris and the absence of a safety culture can transform a sophisticated medical device into a guillotine. At its core was a PDP-11 minicomputer, and, unlike in its predecessors, the developers decided to entrust patient safety not to physical interlocks, but to "smart" software.
🧩 The root of the problem was a classic race condition. The program was written in assembly language, where parallel processes fought for shared memory resources. If the operator managed to input commands faster than the system could complete its check of the "turntable" position, a fatal failure occurred. Essentially, the software couldn’t guarantee that the tungsten target was in place when the powerful electron beam activated.
⚡️ Picture the difference: for electron therapy, the beam requires low intensity, while for X-ray mode, it needs to be 100 times higher. The bug allowed high-intensity mode to engage without the target, directing a flood of beta particles straight into the patient’s tissue. Victims described it as a "blow from red-hot metal" or "the sensation of an electric shock." This wasn’t just radiation—it was instant thermal and biological tissue destruction at depth.
💻 AECL’s engineers fell into the trap of "code reuse." They took modules from previous systems, where hardware safeguards existed, and simply removed those safeguards, relying on the "reliability" of the software. But software isn’t bricks; it has no physical limits of endurance. The lack of proper verification and testing led to system errors like "Malfunction 54" becoming, for doctors, not a danger signal but an "annoying glitch" that operators grew accustomed to dismissing with the "P" (Proceed) button.
⚖️ The most chilling part of this story isn’t the bug itself, but the company’s response. When doctors reported "strange burns," AECL replied: "That’s impossible, the system is perfect." They literally ignored reality, preferring to believe in the infallibility of their algorithms. Trust in "smart" software became a kind of religion, replacing common sense and engineering caution.
🧬 The consequences were horrifying. Patients received doses of up to 25,000 rad (with therapeutic norms around 200 rad), which is incompatible with life. We’re talking about systemic collapse: from poor interface ergonomics to the absence of logs that could have helped reconstruct the events before the sixth person was harmed.
🧠 The lesson we take from this tragedy: in critical systems, software should never be the sole line of defense. Engineering arrogance is the most dangerous bug of all. Any control system must be built on the principle of "defense in depth," where physical interlocks back up software checks, and system complexity never exceeds the capacity for thorough testing. Never trust code more than the laws of physics.
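
A simplified model of the race condition and of the "defense in depth" principle described above, added here as an example; it is not the Therac-25 code. The two-task split, the variable names and the positions `target` and `magnets` are assumptions made for illustration, and `interlock_permits` stands in for a hardware circuit.

```python
from dataclasses import dataclass

XRAY, ELECTRON = "xray", "electron"
# Constructed model: turntable position each mode needs (names are assumptions).
REQUIRED_POSITION = {XRAY: "target", ELECTRON: "magnets"}

@dataclass
class Machine:
    mode: str                   # shared: written by the operator console
    beam_power: str = "low"     # shared: written by the setup task
    turntable: str = "magnets"  # physical position, as a sensor would report it
    check_passed: bool = False

def setup_racy(m):
    """Setup task; each yield is a point where the console task can run."""
    m.beam_power = "high" if m.mode == XRAY else "low"   # first read of m.mode
    yield
    m.turntable = REQUIRED_POSITION[m.mode]              # second read, may differ
    yield
    # Software check compares the turntable with the mode only, never with beam power.
    m.check_passed = m.turntable == REQUIRED_POSITION[m.mode]

def setup_fixed(m):
    """Same task, but every setting derives from one snapshot of the prescription."""
    requested = m.mode
    m.beam_power = "high" if requested == XRAY else "low"
    yield
    m.turntable = REQUIRED_POSITION[requested]
    yield
    # An edit that arrived during setup invalidates the result; setup must be redone.
    m.check_passed = m.mode == requested and m.turntable == REQUIRED_POSITION[requested]

def interlock_permits(m):
    """Stand-in for a hardware interlock: sees physical state only, not m.mode."""
    return m.beam_power == "low" or m.turntable == "target"

def may_fire(m):
    return m.check_passed and interlock_permits(m)

def run(setup, edit_after_step=None, new_mode=None, initial=XRAY):
    """Drive the setup task; optionally let an operator edit land mid-setup."""
    m = Machine(mode=initial)
    for step, _ in enumerate(setup(m)):
        if step == edit_after_step:
            m.mode = new_mode
    return m

if __name__ == "__main__":
    for setup in (setup_racy, setup_fixed):
        m = run(setup, edit_after_step=0, new_mode=ELECTRON)
        print(setup.__name__, m, "interlock:", interlock_permits(m))
```

With the racy setup, an edit that lands between the two reads leaves the software check passing while the beam is at high power and the target is out of the path; only the independent interlock refuses to fire.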