[SystemSafety] Agile methods

Thierry.Coq at dnv.com
Mon Sep 2 10:54:06 CEST 2013


Hi
One of the problems of Agile methods is that they focus on the "program" as the main deliverable.
In the context of Functional Safety, once it's understood that the main deliverable of a SIS is a demonstrated reduction in risk, the Agile principles could be applied. The whole process should be very clearly written down in the (integrated) functional safety plan. In real life, I've mostly never seen it. Usually the worst breakdown is at the interface between the requirements owner and the Agile team.

Even for more "normal" projects, Agile Design should be preferred over Agile Programming, with good QA support and extensive tooling. And that after initial Architecture. Agile Programming almost always results, as Bertrand writes, in very poor documents, poor testing, poor architecture and poor programming.

Best regards,
Thierry Coq
DNV

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of RICQUE Bertrand (SAGEM DEFENSE SECURITE)
Sent: Monday 2 September 2013 10:14
To: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

This is when agile is understood in a professional way (not very common, never encountered in my experience - which proves nothing I agree). Usually the companies using agile methodologies I have crossed cover with this term:

- No documentation
- No traceability
- Quick and dirty

Bertrand RICQUE
Program Manager, Optronics and Defense Division

T +33 (0)1 58 11 96 82
M +33 (0)6 87 47 84 64
23 avenue Carnot
91300 MASSY - FRANCE
http://www.sagem-ds.com

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Les Chambers
Sent: Saturday, August 31, 2013 3:53 AM
To: 'René Senden'; 'Nancy Leveson'
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

Hi Rene
As you may have sensed by now, mentioning agile development in a room full of functional safety engineers introduces a stench that makes you want to look around and ask who ... It's lucky we're not crowded into a lift/elevator. Having said that, in my own practical experience, elements of the agile philosophy can be applied to functional safety. While a hazard analysis is done at the beginning of a project and functional safety requirements derived from it, these requirements are never complete or static. This is why most standards require the generation and maintenance of a hazard log throughout a project. Hazards arise from the operational environment but can also be introduced by design approaches. Also there are always those oops moments when, on thinking through a problem in great detail, you gain insights that were not possible at the beginning of the project. Then there is always the guy with the knowledge who wasn't invited to the hazard analysis sessions and turns up with a whole new take on safety, including hard knowledge of past safety incidents that no one knew about.
The job of a functional safety engineer is to sit in on design reviews and highlight and document these hazards together with the agreed corrective action. In a practical sense the response to a hazard should be some kind of safety requirement that must be validated in the end product and verified in the design as it progresses. As one who has had the job of running a hazard log and closing it out at the end of the project I would like to see a more agile approach to implementing some of these in-process generated requirements. This is where agile comes in. The fundamental principle of agile is incremental generation of requirements in close cooperation with the customer and regular demonstration of progress in implementing those requirements that allows a customer to give feedback. Too many projects I have been associated with have left implementing in-process generated requirements far too long to the point where it's almost too late and very expensive to do the necessary work, hence the need for more agility and a faster turnaround on implementing requirements in the design.
In summary, using agile as the core methodology for a safety critical system build is just not practical but using agile ideas in aspects of such a project can be beneficial. In other words I'm advocating a mash up which inevitably happens in the real world.
A note of caution though: if you are working with an organisation that insists on using 100% agile principles in a safety critical system build, it's highly likely they have no experience in that field and are dangerous people. Run!!
Cheers
Les

From: systemsafety-bounces at lists.techfak.uni-bielefeld.de [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of René Senden
Sent: Saturday, August 31, 2013 3:30 AM
To: 'Nancy Leveson'
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

I appreciate your input, however, my question addresses a specific situation that some of you may have encountered in practice...
It is such practical experience I am interested in...
Let me rephrase... I was not very clear/accurate in describing my query...
Have you encountered a situation, in industrial practice, in which an organization developing software following an agile methodology has to comply with a safety standard which has specific requirements on the software development process? A typical example of such a safety standard, with respect to its requirements on the sw-dev, would be IEC-61508 Part 3 or DO-178...

Rene

From: Nancy Leveson [mailto:leveson.nancy8 at gmail.com]
Sent: Friday 30 August 2013 19:14
To: René Senden
Cc: systemsafety at techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Agile methods

Definitions always differ among the users of terms. But if the Agile methods being considered do not start with a complete and thorough specification of all the system/software safety requirements before anything else, then the resulting system/software design will almost surely be less safe than one that does. Whether it coincides with other standards (most of which are very deficient with respect to safety) is not really important, is it?

Nancy

On Fri, Aug 30, 2013 at 1:02 PM, René Senden <rene.senden at gmail.com> wrote:
Dear all,

Do any of you have practical experience with reconciling established agile
software development with software safety requirements (e.g. IEC-61508 or
DO-178..) ?

Best regards,
Rene

_______________________________________________
The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE



--
Prof. Nancy Leveson
Aeronautics and Astronautics and Engineering Systems
MIT, Room 33-334
77 Massachusetts Ave.
Cambridge, MA 02142

Telephone: 617-258-0505
Email: leveson at mit.edu
URL: http://sunnyday.mit.edu
