[SystemSafety] a discursion stimulated by recent discussions of alleged safety-critical software faults in automobile software

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Tue Nov 12 10:49:49 CET 2013


On 11/12/13 10:25 AM, Parker, Stephen wrote:
> It's worrying that Toyota would be in a better position by not discussing this internally.  That
> seems a recipe for reducing software quality to me.

First, this is a known problem for many decades, and not just with SW. Ever since the Ford Pinto
case in the US in the 1970s, most large companies building safety-critical kit have known that
analyses you perform are subject to discovery proceedings and can be (Ford and others argue:
mis-)interpreted by courts. Some (Chris Johnson comes to mind) have suggested this has severely
restricted the scope and thereby the effectiveness of incident databases in some industries
otherwise renowned for their care.

Second, this is hindsight about one feature. A company which never discussed in traceable form (that
is, no e-mails, no documents, no minutes of meetings) anything related to the fitness-for-purpose of
its safety-critical kit would, in many industries, not be able to put that kit on the market. Even
as a practical matter, in the auto industry it's doubtful one would be able so to build a car. How
could you possibly build a car, and emphasise its safety features in your adverts, without ever
discussing in engineering or management meetings how it might kill people? Even if you wanted to
attempt that in the EU, it's illegal! (EC 765/2008).

Third, since safety cases and independent assessments and so on are required in other transportation
industries such as rail and air travel, this might argue for imposing such a regime in automobile
production and sales. Even a company which systematically destroyed all engineering-related
commentary which didn't make it into the safety case is still left with a massive track record of
why it thinks its kit is adequately safe, including independent criticism and response. Say there
had been such regulation in 2005 in the US, and Barr had been Toyota's assessor of its 2005 code.
That kit would never have made it into the car, would it?

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
