[SystemSafety] Agile methods

RICQUE Bertrand (SAGEM DEFENSE SECURITE) bertrand.ricque at sagem.com
Mon Sep 2 10:14:28 CEST 2013


This is when agile is understood in a professional way (not very common, never encountered in my experience - which proves nothing I agree). Usually the companies using agile methodologies I have crossed cover with this term :

·         No documentation

·         No traceability

·         Quick and dirty

Bertrand RICQUE
Program Manager, Optronics and Defense Division

T +33 (0)1 58 11 96 82
M +33 (0)6 87 47 84 64
23 avenue Carnot
91300 MASSY - FRANCE
http://www.sagem-ds.com<http://www.sagem-ds.com/>

[cid:image001.jpg at 01CEA7C4.D7B03100]

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Les Chambers
Sent: Saturday, August 31, 2013 3:53 AM
To: 'René Senden'; 'Nancy Leveson'
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

Hi Rene
As you may have sensed by now, mentioning agile development in a room full of functional safety engineers introduces a stench that makes you want a look around and ask who ... It's lucky we're not crowded into a lift/elevator. Having said that, in my own practical experience, elements of the agile philosophy can be applied to functional safety. While a hazard analysis is done at the beginning of a project and functional safety requirements derived from it, these requirements are never complete or static. This is why most standards require the generation and maintenance of a hazard log throughout a project. Hazards arise from the operational environment but can also be introduced by design approaches. Also there are always those oops  moments when, on thinking through a problem in great detail, you gain insights that were not possible at the beginning of the project. Then there is always the guy with the knowledge that wasn't invited to the hazard analysis sessions and turns up with whole new take on safety including hard knowledge of past safety incidents that no one knew about.
The job of a functional safety engineer is to sit in on design reviews and highlight and document these hazards together with the agreed corrective action. In a practical sense the response to a hazard should be some kind of safety requirement that must be validated in the end product and verified in the design as it progresses. As one who has had the job of running a hazard log and closing it out at the end of the project I would like to see a more agile approach to implementing some of these in-process generated requirements. This is where agile comes in. The fundamental principle of agile is incremental generation of requirements in close cooperation with the customer and regular demonstration of progress in implementing those requirements that allows a customer to give feedback. Too many projects I have been associated with have left implementing in-process generated requirements far too long to the point where it's almost too late and very expensive to do the necessary work, hence the need for more agility and a faster turnaround on implementing requirements in the design.
In summary, using agile as the core methodology for a safety critical system build is just not practical but using agile ideas in aspects of such a project can be beneficial. In other words I'm advocating a mash up which inevitably happens in the real world.
A note of caution though: if you are working with an organisation that insists on using 100% agile principles in a safety critical system build its highly likely they have no experience in that field and are dangerous people. Run!!
Cheers
Les

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de<mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de> [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de]<mailto:[mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de]> On Behalf Of René Senden
Sent: Saturday, August 31, 2013 3:30 AM
To: 'Nancy Leveson'
Cc: systemsafety at techfak.uni-bielefeld.de<mailto:systemsafety at techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] Agile methods

I appreciate your input, however, my question addresses a specific situation that some of you may have encountered in practice...
It is such practical experience I am interested in...
Let me rephrase... I was not very clear/accurate in describing my query...
Have you encountered a situation, in industrial practice, in which an organization developing software following an agile methodology
has to comply with a safety standard which has specific requirements on the software development process? A typical example of
such safety standard, with respect to its requirements on the sw-dev, would be IEC-61508 Part 3 or DO-178...

Rene

From: Nancy Leveson [mailto:leveson.nancy8 at gmail.com]<mailto:[mailto:leveson.nancy8 at gmail.com]>
Sent: vrijdag 30 augustus 2013 19:14
To: René Senden
Cc: systemsafety at techfak.uni-bielefeld.de<mailto:systemsafety at techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] Agile methods

Definitions always differ among the users of terms. But if the Agile methods being considered do not start with a complete and thorough specification of all the system/software safety requirements before anything else, then the system resulting system/software design will almost surely be less safe than one that does. Whether it coincides with other standards (most of which are very deficient with respect to safety) is not really important, is it?

Nancy

On Fri, Aug 30, 2013 at 1:02 PM, René Senden <rene.senden at gmail.com<mailto:rene.senden at gmail.com>> wrote:
Dear all,

Do any of you have practical experience with reconciling established agile
software development with software safety requirements (e.g. IEC-61508 or
DO-178..) ?

Best regards,
Rene

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE<mailto:systemsafety at TechFak.Uni-Bielefeld.DE>



--
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu<mailto:leveson at mit.edu>
URL: http://sunnyday.mit.edu
#
" Ce courriel et les documents qui lui sont joints peuvent contenir des informations confidentielles ou ayant un caractère privé. S'ils ne vous sont pas destinés, nous vous signalons qu'il est strictement interdit de les divulguer, de les reproduire ou d'en utiliser de quelque manière que ce soit le contenu. Si ce message vous a été transmis par erreur, merci d'en informer l'expéditeur et de supprimer immédiatement de votre système informatique ce courriel ainsi que tous les documents qui y sont attachés."
******
" This e-mail and any attached documents may contain confidential or proprietary information. If you are not the intended recipient, you are notified that any dissemination, copying of this e-mail and any attachments thereto or use of their contents by any means whatsoever is strictly prohibited. If you have received this e-mail in error, please advise the sender immediately and delete this e-mail and all attached documents from your computer system."
#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20130902/fb924c18/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 1835 bytes
Desc: image001.jpg
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20130902/fb924c18/attachment-0001.jpg>


More information about the systemsafety mailing list