Re: [SystemSafety] a discursion stimulated by recent discussions of alleged safety-critical software faults in automobile software

From: Peter Bernard Ladkin < >
Date: Tue, 12 Nov 2013 10:49:49 +0100

On 11/12/13 10:25 AM, Parker, Stephen wrote:
> It's worrying that Toyota would be in a better position by not discussing this internally. That
> seems a recipe for reducing software quality to me.

First, this is a known problem for many decades, and not just with SW. Ever since the Ford Pinto case in the US in the 1970s, most large companies building safety-critical kit have known that analyses you perform are subject to discovery proceedings and can be (Ford and others argue: mis-)interpreted by courts. Some (Chris Johnson comes to mind) have suggested this has severely restricted the scope and thereby the effectiveness of incident databases in some industries otherwise renowned for their care.

Second, this is hindsight about one feature. A company which never discussed in traceable form (that is, no e-mails, no documents, no minutes of meetings) anything related to the fitness-for-purpose of its safety-critical kit would, in many industries, not be able to put that kit on the market. Even as a practical matter, in the auto industry it's doubtful one would be able so to build a car. How could you possibly build a car, and emphasise its safety features in your adverts, without ever discussing in engineering or management meetings how it might kill people? Even if you wanted to attempt that in the EU, it's illegal! (EC 765/2008).

Third, since safety cases and independent assessments and so on are required in other transportation industries such as rail and air travel, this might argue for imposing such a regime in automobile production and sales. Even a company which systematically destroyed all engineering-related commentary which didn't make it into the safety case is still left with a massive track record of why it thinks its kit is adequately safe, including independent criticism and response. Say there had been such regulation in 2005 in the US, and Barr had been Toyota's assessor of its 2005 code. That kit would never have made it into the car, would it?

PBL Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany Tel+msg +49 (0)521 880 7319

The System Safety Mailing List
systemsafety_at_xxxxxx

Received on Tue Nov 12 2013 - 10:50:00 CET
