Re: [SystemSafety] Safety Cases: Contextualizing & Confirmation Bias -- Fault Injection

From: Peter Bernard Ladkin < >
Date: Mon, 10 Feb 2014 15:30:30 +0100

On 2/10/14 2:30 PM, Stachour, Paul D CCS wrote:

> Is such an activity [fault injection] part of a safety case?
> Or is it “just good product / systems engineering”?

I would think that a well-designed fault-injection activity and suitable satisfactory outcome could and likely would be part of the reasons why you would think your system appropriately safe.

There is always a problem, though, with trying to demonstrate a lack: "no problems found". For then, you have to argue on the meta-level that and how your fault-injection activity was in some sense complete.

Had Toyota performed such well-designed fault-injection activity and discovered the phenomena which the plaintiffs' experts discovered in Bookout vs. Toyota, then they would likely have mitigated those phenomena - how could one not? It might have indicated to them that those issues would be hard to solve using the monolithic SW architecture they had chosen.

Until it becomes part of "good systems engineering" it is likely to remain part of "good expert witness engineering".

PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319
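The "meta-level" point above, that a "no problems found" result is only as strong as the argument that the injection campaign was complete, can be made concrete with an exhaustive campaign over a stated fault model. The following is an added example, not code from this post, from Toyota, or from the Bookout trial: a hypothetical three-byte throttle-controller state, a single-bit-flip fault model at two injection points, and a hypothetical independent monitor. Because the fault space is enumerated rather than sampled, "no hazards found" is a complete claim about that model, and only about that model.

```python
"""Exhaustive single-bit-flip fault injection against a toy throttle controller.

Added, constructed example. The controller, its three-byte RAM state, the two
injection points, the hazard predicate and the monitor are all hypothetical;
nothing here is Toyota's code or evidence from Bookout vs. Toyota.
"""
from dataclasses import dataclass, replace
from itertools import product

TRUE_PEDAL = 10   # what the driver is actually requesting, in percent
MARGIN = 5        # throttle more than this above demand = unintended acceleration
FIELDS = ("pedal", "throttle", "task_alive")            # one byte each
INJECTION_POINTS = ("before_compute", "after_compute")  # where in the cycle the flip lands


@dataclass
class State:
    pedal: int = TRUE_PEDAL   # RAM copy of the pedal reading (0..255)
    throttle: int = TRUE_PEDAL
    task_alive: int = 1       # heartbeat: 1 while the throttle task is running


def flip_bit(s: State, field: str, bit: int) -> State:
    """Inject one fault: flip bit `bit` of the named byte."""
    return replace(s, **{field: getattr(s, field) ^ (1 << bit)})


def compute(s: State) -> State:
    """Monolithic design: one task copies pedal demand to the throttle command.
    If the task has died (heartbeat 0) the stale throttle value is simply kept."""
    if s.task_alive:
        s.throttle = s.pedal
    return s


def monitor(s: State) -> State:
    """Hypothetical independent monitor: re-reads demand from a second channel
    (modelled as TRUE_PEDAL, i.e. not the corruptible RAM copy), requires the
    heartbeat to be exactly 1, and otherwise forces the throttle to a safe cut."""
    if s.throttle > TRUE_PEDAL + MARGIN or s.task_alive != 1:
        s.throttle = 0
    return s


def is_hazard(s: State) -> bool:
    """Hazard predicate judged against the real demand, not the RAM copy."""
    return s.throttle > TRUE_PEDAL + MARGIN


def run_cycle(fault, monitored: bool) -> bool:
    """One control cycle with a single injected fault; True if a hazard results."""
    field, bit, when = fault
    s = State()
    if when == "before_compute":
        s = flip_bit(s, field, bit)
    s = compute(s)
    if when == "after_compute":
        s = flip_bit(s, field, bit)
    if monitored:
        s = monitor(s)
    return is_hazard(s)


def fault_space():
    """The complete single-fault model: every bit of every byte at every point."""
    return list(product(FIELDS, range(8), INJECTION_POINTS))


def campaign(monitored: bool) -> dict:
    """Run every fault in the model and return what the campaign covered and found."""
    space = fault_space()
    hazards = [f for f in space if run_cycle(f, monitored)]
    return {"injected": len(space), "hazards": hazards}


if __name__ == "__main__":
    for monitored in (False, True):
        r = campaign(monitored)
        print(f"monitored={monitored}: {r['injected']} faults injected, "
              f"{len(r['hazards'])} hazards")
        for f in r["hazards"]:
            print("   hazard:", f)
```

Without the monitor the campaign finds hazards from high-order bit flips in the pedal copy (before compute) and in the throttle command (after compute); with the monitor it finds none. The "injected" count is the completeness argument: it states exactly which fault model was exhausted (48 single-bit flips in three bytes at two points). Double faults, corruption of bytes outside those three, timing faults and stack corruption are outside the model, so the clean result says nothing about them; that is the meta-level argument the post says a safety case has to make explicitly.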

The System Safety Mailing List
systemsafety_at_xxxxxx
Received on Mon Feb 10 2014 - 15:30:40 CET
