Re: [SystemSafety] WG: words you cannot use at GM

From: Andrew Rae < >
Date: Thu, 22 May 2014 15:44:34 +0100

Put me in the "on the one hand, on the other hand" camp. I actually think "Acceptably safe" gets used as a halfway-house compromise between the two useful definitions of safety:
  1. "Safe" is the absolute of zero risk. It's not achievable, so we are never safe. We can just talk about how to approach this condition.
  2. "Safe" is the point where the level of risk becomes acceptable.

"Acceptable" is a loaded term, which requires unpacking, but that's the point. The unpacking are all questions we should ask. Acceptable to whom? Based on what information? Based on what standard of judging?

Too often, denying the term leads to failure to unpack. You aren't removing the concept of acceptable risk by refusing to talk about it. Pinto is a fantastic example for this. All cars have this nasty habit of spilling fuel and catching fire when you hit them hard enough in the right way. Small cars are less safe than big cars. At some point, even though they aren't "safe" (by definition 1 above) we're going to allow them onto the road. We're not going to make this decision in a sane way by denying that there is a finite risk that people are going to die, and that if we spent more money and effort those people might not die. Yes, it is an incredibly vague and shifting standard when it is okay to stop trying to make the car safer, but that's the reality of safety work.

That's why I hate this perception so common in the USA that it isn't OK to talk about risk and cost benefit analysis. Of course it's okay. More than that, it is a moral and legal obligation. Yes, if you make a cynical and unreasonable trade off with other people's lives, and then write that down on paper, the courts are not going to be happy. SO DON'T MAKE THE CYNICAL AND UNREASONABLE TRADEOFF! Court cases are not exercises in cherry picking your words. They're the exact opposite. If someone writes an email saying "this is a death trap" and it is one of ten thousand emails openly discussing and dealing with risk, the court is going to see those 10 thousand emails and the words in context. If you have a company policy "don't admit to anyone that we're selling death traps" the court is going to see that, too.

My system safety podcast: My phone number: +44 (0) 7783 446 814
University of York disclaimer:

On 22 May 2014 15:30, C. Michael Holloway <c.m.holloway_at_xxxxxx

> On 5/22/14 8:31 AM, Nancy Leveson wrote:
> I think saying that "acceptably safe" is safe is a ridiculous
> definition.
> On one hand, I concur. Reusing a word in its 'definition' leads to
> infinite regress (as Dewi pointed out earlier concerning GM), and violates
> generally accepted principles of lexicography.
> On the other hand, I completely disagree. "Safe" in the absolute sense
> (no chance whatsoever of harm) does not exist in reality. Well, except in
> baseball, where it is usually possible to determine conclusively whether
> someone is "safe" or "out." In practice, "safe" is always relative never
> absolute. So, it seems much more intellectually honest to admit that all
> discussions about safety are really discussions about an acceptable level
> of safety, than to pretend otherwise.
> Often when I talk about safety, I show the following definition of what I
> mean by the word "safe": not resulting in losses to life or health (except
> to the extent that the number and frequency of such losses is deemed by the
> public to be small enough so as to be outweighed by the benefit provided).
> I also note that this public deeming is almost always done implicitly and
> may change over time. As an example, the public generally perceived
> commercial air travel as safe many decades ago, when the accident rate was
> significantly higher than it is today. Were we to return to the accident
> rate of several decades past today, the public would no longer consider air
> travel to be safe.
> --
> *cMh*
> *C. Michael Holloway*, Senior Research Engineer
> Safety Critical Avionics Systems Branch, Research Directorate
> NASA Langley Research Center / MS 130 Hampton VA 23681-2199 USA
> office phone: +1.757.864.1701 *often forwarded to* +1.757.598.1707
> The words in this message are mine alone; neither blame nor credit NASA
> for them.
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Thu May 22 2014 - 16:44:46 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:06 CEST