Re: [SystemSafety] Two White Papers

From: Les Chambers < >
Date: Fri, 15 Feb 2013 10:54:24 +1000

I enjoyed your White Paper on 61508. You are absolutely right, safety integrity level numbers are useless in the context of software. Once again I feel the need to state the obvious on the matter of building safe systems - something everyone who has ever built a safety critical system knows in their heart.
1. Safe systems are built by safe people. 2. Safety cannot be inspected, tested, audited or regulated into a complex software intensive system, it must be built in -- day by day -- every day. 3. Complex systems development is a craft. It requires highly experienced artisans to ensure that the delivered system does not kill anyone. 4. Claiming you have used the processes and practices called out in 61508 has no bearing on whether or not you used them well. Auditors are chronically incompetent and identifying poor or zero process/standards compliance. I'd like a dollar for every time I've seen a much vaunted and highly respected auditor skate over and completely miss the dirty linen in safety critical build. You will never see the dirt unless you're in it. This is why it blows my mind that regulators are being indicted for not seeing the problems in the 787's batteries. How could they possibly do that without working on the project, day to day.

If international standards bodies are to have any impact on safety they should invest their time in supporting the training, experience and qualification of the people who do the work.

At a practical level this means:

1. Detailed standards for safe code 
2. Detailed standards for designing safe architectures
3. Minimum requirements for safety related requirements specifications
4. Qualification criteria for the people doing the work
5. Qualification criteria for subject matter experts describing the requirements

As stated above audits are useless at discovering the devil in the details, but some other reactive measures are showing promise. Companies such as Adobe and Oracle are spending significant dollars on identifying security vulnerabilities in their code. The going rate for identifying a security vulnerability in Adobe Acrobat Reader is $100,000 in Eastern Europe. That is a very strong driving force for a technical cohort that is willing to work for eight dollars an hour. A strong defence has quickly gathered in the West and some of the principles under which they operate, I believe, are applicable to safety. Automated proof of correctness does not scale to large code bodies, however gross measures of goodness are proving useful. Using these ideas, Oracle's team in Brisbane has discovered enough defects to keep their maintenance people working into the next millennia. So how about a standard covering gross measures of goodness in safety critical requirements, architectures and code? Something that can be validated with a software tool. You could start with a simple tool that finds words such as "appropriate" in requirements. That would be a huge leap forward. Good luck and over to you.

> I have just put two short White Papers up on the RVS publications page
> White Paper 1, Standards for Standards: Improving the Process proposes
three principles that would
> improve both the technical quality of standards and their effectiveness at
disseminating best
> practice. http://www.rvs.uni-
> White Paper 2, 61508 Weaknesses and Anomalies sets out some (all?)
weaknesses of the E/E/PE
> functional safety standard IEC 61508, along with some immediate prospects
for potential improvement
> of which we know. http://www.rvs.uni-
> We are very grateful for comments!
> --
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld,
33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx

Les Chambers
+61 (0)412 648 992

The System Safety Mailing List
Received on Fri Feb 15 2013 - 01:55:10 CET

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:05 CEST