[SystemSafety] Qualifying SW as "proven in use"

From: Peter Bernard Ladkin < >
Date: Mon, 17 Jun 2013 12:32:49 +0200


there is a significant question how SW can be qualified as "proven in use" according to IEC 61508:2010. There is a judgement in some quarters (notably the German national committee) that the criteria in IEC 61508:2010 are inappropriate. I think it wouldn't be out of place to say that many in the IEC 61508 Maintenance Teams find the current criteria unsatisfactory in one way or another.

We in Germany have been discussing the issue and possible solutions for a couple of years, and recently the discussion has gone international. There seems to be a general feeling that qualifying SW statistically via the approach given by the exponential failure model is not practical, because the data requirements are overwhelming - it is regarded by most as implausible that companies will have the requisite data to the requisite quality even for SIL 2. But even if you qualify your SW for SIL 2 or higher without such data, then at some point some data will exist and people use such data as evidence that the original assessment was accurate. But what sort of evidence does it offer? The answer is probably a lot less than you might be convinced it does.

There seems to me to be a lack of examples where things can go wrong - at least a lack of examples specifically adapted to assessments according to IEC 61508:2010. So I wrote one up - fictitious but I hope still persuasive - to illustrate what (some of) the assurance issues are. I hope it can aid the debate.



Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de

The System Safety Mailing List
Received on Mon Jun 17 2013 - 12:33:01 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:05 CEST