Re: [SystemSafety] Stupid Software Errors [was: Overflow......]

From: Les Chambers
Date: Tue, 5 May 2015 08:28:16 +1000


There's a lot of wishful thinking going on here. Various levels of certification are great ideas but their implementation has always been patchy and probably always will be.

If you are a concerned person (and there are many of us, looking down the barrel of retirement) all I can suggest is that you put your money on self-interest, because it's the only horse that's trying.

It turns out that you can't sustain a business that makes products that kill people (commercial self-interest). So it's up to the people that manage these companies, from board level down to the team leaders that manage these cool, groovy, agile twentysomethings. I've never met one of these kids who didn't want to do a good job and be recognised as a professional by his or her peers (personal self-interest). It is up to management to define what professionalism means in each individual workplace. Simple measures like getting them in a room once a week and having a discussion about ugly, unsafe code and general violence against software products, followed by patterns for safe coding practice. This kind of activity used to be facilitated by the software quality manager who unfortunately is becoming an endangered species.

On the plus side I believe that there are two things that must happen, are currently slowly happening and ultimately will happen because the commercial enterprises that build and sell software will not be able to function without them now and in the future:

  1. Generation of code from models
  2. Model validators

So returning to the self-interest theme, if you manage a team of developers, get out of your chair and go down and have a look at them, ask yourself if you really know what's going on inside their heads. If they are fresh out of university it's probably not what you want. So do something about it for your own sake and theirs. Do something useful before you kick it into touch, leave a legacy. You may rate a memorial.

On the subject of pledges, I add:

I pledge that I will occupy the jump seat on the first flight.

I actually volunteered to do this on an F 111 missile program once. The program manager dismissed my enthusiasm as an irrelevance. A few years later I met a guy on a bus. He just happened to be an F 111 airframe engineer. It turned out that he routinely flew in the navigator's seat. He told me management made much of this measure as a safety motivator. Huh?

I continue to shake my head over these rear echelon types who think (with a giggle) that software will come together on the day. I've been hoping they'd die off and be replaced by new enlightened ones. I have a horrible feeling that this is not happening ...

From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Steve Tockey
Sent: Tuesday, May 5, 2015 7:09 AM
To: Andy Ashworth
Cc: The System Safety List
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]

There are three possible angles of attack:

*) Trust/certify the developers

*) Trust/certify the process

*) Trust/certify the product

While I personally would vote for a combination of all three (particularly in safety- and mission-critical projects), one thing DO-178C/ED-12C does have going for it is that it is a pretty good way (although definitely not perfect) of trusting/certifying the process. I trust DO-178C/ED-12C much more than the FDA's requirements on medical device software.

From: Andy Ashworth <andy_at_xxxxxx>
Date: Monday, May 4, 2015 2:02 PM
To: Steve Tockey <Steve.Tockey_at_xxxxxx>
Cc: Mike Ellims <michael.ellims_at_xxxxxx>, <M.Pont_at_xxxxxx>, <systemsafety_at_xxxxxx>
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]

So safety critical software today is being developed by inexperienced personnel with little or no relevant training... I guess on the positive side, development costs are cheap :(

Sent from my iPhone

On May 4, 2015, at 16:59, Steve Tockey <Steve.Tockey_at_xxxxxx> wrote:

With the average age of developers being about 29 years old, maybe most aren't old enough. And many have no formal software education so even a discussion of such failures in a degree program would have little effect on the target population.

From: Mike Ellims <michael.ellims_at_xxxxxx>
Date: Monday, May 4, 2015 1:01 PM
To: 'Andy Ashworth' <andy_at_xxxxxx>, <M.Pont_at_xxxxxx>
Cc: 'The System Safety List' <systemsafety_at_xxxxxx>
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]

> With the established history of date/time roll-over issues, shouldn't any date be viewed with suspicion during design safety analysis and appropriate defensive design measures put in place?

The question is why?

I know this issue is documented in at least one book.

Did any of the programmers/coders on this even know about previous examples?

From: systemsafety-bounces_at_xxxxxx [mailto:systemsafety-bounces_at_xxxxxx] On Behalf Of Andy Ashworth
Sent: 04 May 2015 13:55
To: M.Pont_at_xxxxxx
Cc: The System Safety List
Subject: Re: [SystemSafety] Stupid Software Errors [was: Overflow......]

Why wait until testing? With the established history of date/time roll-over issues, shouldn't any date be viewed with suspicion during design safety analysis and appropriate defensive design measures put in place?

Andy

Sent from my iPhone
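The defensive design measure Andy asks for, shown as an added C example (it is not code from anyone in this thread). It assumes a free-running 32-bit tick counter that rolls over to zero, a constructed timer armed shortly before the wrap, and puts a naive deadline comparison beside a roll-over-safe elapsed-time comparison; a small endurance loop then steps the clock across the wrap and counts how often the naive form gives the wrong answer, which is the kind of long-run check that catches such defects before the system is in service.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the thread. Assumes a free-running 32-bit tick
 * counter (e.g. milliseconds since boot) that rolls over to 0 after 2^32
 * ticks; at 1 ms per tick that is roughly 49.7 days. */
typedef uint32_t tick_t;

/* Naive timeout check: computes an absolute deadline and compares against
 * it. Breaks when start + interval wraps past 2^32, because the deadline
 * becomes a small number and any 'now' near the top of the range looks
 * as if it has already passed it, so the timeout fires early. */
bool naive_expired(tick_t now, tick_t start, tick_t interval)
{
    tick_t deadline = (tick_t)(start + interval); /* may wrap */
    return now >= deadline;
}

/* Roll-over-safe check: reason about the elapsed span instead of absolute
 * values. Unsigned subtraction is modulo 2^32, so the span is correct
 * across the wrap as long as it is shorter than 2^32 ticks. */
bool wrapsafe_expired(tick_t now, tick_t start, tick_t interval)
{
    return (tick_t)(now - start) >= interval;
}

/* Miniature endurance run: step the clock from 'start' for 'steps' ticks
 * (crossing the wrap when 'start' is near the top of the range) and count
 * the ticks on which the two checks disagree. */
uint32_t count_disagreements(tick_t start, tick_t interval, uint32_t steps)
{
    uint32_t disagreements = 0;
    for (uint32_t i = 0; i < steps; i++) {
        tick_t now = (tick_t)(start + i);
        if (naive_expired(now, start, interval) !=
            wrapsafe_expired(now, start, interval))
            disagreements++;
    }
    return disagreements;
}

int main(void)
{
    /* Constructed values: a timer armed 256 ticks before the counter wraps,
     * with a 512-tick interval, observed for 1024 ticks. */
    const tick_t start = 0xFFFFFF00u;
    const tick_t interval = 0x200u;
    const uint32_t steps = 0x400u;
    uint32_t bad = count_disagreements(start, interval, steps);
    printf("ticks on which the naive check was wrong: %" PRIu32 " of %" PRIu32 "\n",
           bad, steps);
    return 0;
}
```

The endurance loop only has to cover the wrap once to expose the defect, which is the point of exercising a counter past its roll-over in simulation rather than waiting for the wall clock to get there; the same elapsed-span pattern applies to any free-running counter whatever its width, with the interval limited to less than one full period of the counter.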

On May 4, 2015, at 08:49, Michael J. Pont <M.Pont_at_xxxxxx> wrote:

Matthew:

"On the other hand I don't think we should lose sight of the fact that the Boeing 'bug' was found by running a long duration simulation, not by an airliner falling out of the sky. So perhaps thanks is due to the Boeing safety or software engineer(s) who insisted on a long run endurance test and who might have actually learned something from history?"

OK - but maybe next time we can ask them to do this testing before the aircraft goes into service.

Michael.

Michael J. Pont

SafeTTy Systems Ltd.



The System Safety Mailing List
systemsafety_at_xxxxxx




Received on Tue May 05 2015 - 00:28:44 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST