[SystemSafety] Two White Papers

Les Chambers les at chambers.com.au
Fri Feb 15 01:54:24 CET 2013


Bernard 
I enjoyed your White Paper on 61508. You are absolutely right, safety integrity 
level numbers are useless in the context of software. 
Once again I feel the need to state the obvious on the matter of building safe 
systems - something everyone who has ever built a safety critical system 
knows in their heart.
1. Safe systems are built by safe people.
2. Safety cannot be inspected, tested, audited or regulated into a complex 
software intensive system; it must be built in -- day by day -- every day.
3. Complex systems development is a craft. It requires highly experienced 
artisans to ensure that the delivered system does not kill anyone.
4. Claiming you have used the processes and practices called out in 61508 has 
no bearing on whether or not you used them well. Auditors are chronically 
incompetent at identifying poor or zero process/standards compliance. I'd like 
a dollar for every time I've seen a much vaunted and highly respected auditor 
skate over and completely miss the dirty linen in a safety critical build. You will 
never see the dirt unless you're in it. This is why it blows my mind that 
regulators are being indicted for not seeing the problems in the 787's batteries. 
How could they possibly do that without working on the project, day to day.

If international standards bodies are to have any impact on safety they should 
invest their time in supporting the training, experience and qualification of the 
people who do the work.

At a practical level this means:
1. Detailed standards for safe code 
2. Detailed standards for designing safe architectures
3. Minimum requirements for safety related requirements specifications
4. Qualification criteria for the people doing the work
5. Qualification criteria for subject matter experts describing the requirements

As stated above audits are useless at discovering the devil in the details, but 
some other reactive measures are showing promise. Companies such as 
Adobe and Oracle are spending significant dollars on identifying security 
vulnerabilities in their code. The going rate for identifying a security vulnerability 
in Adobe Acrobat Reader is $100,000 in Eastern Europe. That is a very strong 
driving force for a technical cohort that is willing to work for eight dollars an 
hour. A strong defence has quickly gathered in the West and some of the 
principles under which they operate, I believe, are applicable to safety. 
Automated proof of correctness does not scale to large code bodies, however 
gross measures of goodness are proving useful. Using these ideas, Oracle's 
team in Brisbane has discovered enough defects to keep their maintenance 
people working into the next millennium. 
So how about a standard covering gross measures of goodness in safety 
critical requirements, architectures and code? Something that can be validated 
with a software tool. You could start with a simple tool that finds words such 
as "appropriate" in requirements. That would be a huge leap forward.
Good luck and over to you.

Les
> I have just put two short White Papers up on the RVS publications page
> 
> White Paper 1, Standards for Standards: Improving the Process proposes three principles that would improve both the technical quality of standards and their effectiveness at disseminating best practice. http://www.rvs.uni-bielefeld.de/publications/WhitePapers/RVSsfssPrinciples.pdf
> 
> White Paper 2, 61508 Weaknesses and Anomalies sets out some (all?) weaknesses of the E/E/PE functional safety standard IEC 61508, along with some immediate prospects for potential improvement of which we know. http://www.rvs.uni-bielefeld.de/publications/WhitePapers/RVS61508Problems.pdf
> 
> We are very grateful for comments!
> 
> PBL
> 
> -- 
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
> 
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE



--
Les Chambers
les at chambers.com.au
+61 (0)412 648 992
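A starting point for the requirements checker Les proposes above (a tool that finds words such as "appropriate" in requirements), added here as an example; it is not code from the post, from the mailing list, or from the RVS white papers. Only the word "appropriate" comes from the post: the rest of the weak-term list, the sample requirements and the function names are assumptions made for the example. The scanner compiles one case-insensitive alternation over the term list, longest term first so that "as appropriate" is reported once rather than as a bare "appropriate", and reports each hit with its line number so a reviewer can go straight to the offending requirement.

```python
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Assumed list of weak words. Only "appropriate" comes from the post; the rest is a
# typical set of vague qualifiers and non-binding modals that requirement reviewers flag.
WEAK_TERMS = [
    "appropriate", "as appropriate", "adequate", "sufficient", "reasonable",
    "as required", "as necessary", "if possible", "approximately", "minimal",
    "user-friendly", "fast", "quickly", "robust", "etc.", "and/or", "TBD", "TBC",
    "should",  # goal language rather than a binding "shall"
]


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based line in the requirements text
    term: str      # matched weak term, lower-cased
    text: str      # the offending requirement line, stripped


def build_pattern(terms):
    """Compile one case-insensitive alternation over the term list.

    Longer terms are tried first so "as appropriate" wins over "appropriate".
    Lookarounds are used instead of word boundaries so that terms ending in
    punctuation ("etc.", "and/or") still match at the end of a line.
    """
    escaped = sorted((re.escape(t) for t in terms), key=len, reverse=True)
    return re.compile(r"(?<!\w)(" + "|".join(escaped) + r")(?!\w)", re.IGNORECASE)


def scan_requirements(text, terms=WEAK_TERMS):
    """Return every weak-term hit in `text`, in document order."""
    pattern = build_pattern(terms)
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in pattern.finditer(line):
            findings.append(Finding(line_no, match.group(1).lower(), line.strip()))
    return findings


def summarize(findings):
    """Count hits per weak term (use .most_common() for a frequency-ordered view)."""
    return Counter(f.term for f in findings)


def report(findings):
    """Render findings as 'line: term -- requirement' strings, one per hit."""
    return [f"{f.line_no}: {f.term!r} -- {f.text}" for f in findings]


# Constructed sample requirements for demonstration; not from any real specification.
SAMPLE_REQUIREMENTS = """\
REQ-001 The controller shall de-energise the actuator within 50 ms of a fault signal.
REQ-002 The system shall log safety events as appropriate.
REQ-003 Response time shall be adequate under normal load, etc.
REQ-004 The operator interface should be user-friendly and fast.
REQ-005 The watchdog shall reset the CPU if no heartbeat is received within 100 ms.
"""


if __name__ == "__main__":
    # Usage: python weakwords.py [requirements.txt ...]
    # With no file arguments the constructed sample is scanned. Exit status 1 if
    # anything was flagged, so the check can gate a build or a review step.
    paths = sys.argv[1:]
    if paths:
        sources = [(p, open(p, encoding="utf-8").read()) for p in paths]
    else:
        sources = [("<sample>", SAMPLE_REQUIREMENTS)]
    total = 0
    for name, text in sources:
        hits = scan_requirements(text)
        total += len(hits)
        for line in report(hits):
            print(f"{name}:{line}")
        print(f"{name}: weak terms by frequency: {summarize(hits).most_common()}")
    sys.exit(1 if total else 0)
```

On the constructed sample, REQ-001 and REQ-005 pass clean, while REQ-002 through REQ-004 produce six findings between them. The term list is the part that needs tuning per project: a word like "fast" is a legitimate identifier in some domains, so the list should be reviewed as carefully as the requirements it is used against.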
