Re: [SystemSafety] OpenSSL Bug

From: Steve Tockey < >
Date: Wed, 16 Apr 2014 22:32:03 +0000

Instead of blaming the person, how about we blame the process? And then take active steps to fix the process?

From: "C. Michael Holloway" <c.m.holloway_at_xxxxxx Organization: NASA Langley Research Center Date: Wednesday, April 16, 2014 9:23 AM
Subject: Re: [SystemSafety] OpenSSL Bug

On 4/16/14 11:36 AM, Steve Tockey wrote:

Actually I'm going to respectfully disagree with that. I'm going to claim I can trace it back to incomplete requirements & resulting inadequate design.

I agree that this trace is possible. It is possible for nearly all (perhaps all) errors in software to be analyzed so as to find a plausible way in which the error is "really" a mistake in requirements.

Just as it is possible to "blame" the pilot for nearly every airplane accident, so, too it is possible to "blame" the requirements for nearly every software problem. The latter is no more useful than the former.


C. Michael Holloway, Senior Research Engineer
Safety Critical Avionics Systems Branch, Research Directorate
NASA Langley Research Center / MS 130 Hampton VA 23681-2199 USA
office phone: +1.757.864.1701 often forwarded to +1.757.598.1707

The words in this message are mine alone; neither blame nor credit NASA for them.

_______________________________________________ The System Safety Mailing List systemsafety_at_xxxxxx
Received on Thu Apr 17 2014 - 00:32:16 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST