[SystemSafety] Safety Cases: Contextualizing & Confirmation Bias -- Fault Injection
Peter Bernard Ladkin
ladkin at rvs.uni-bielefeld.de
Mon Feb 10 15:30:30 CET 2014
On 2/10/14 2:30 PM, Stachour, Paul D CCS wrote:
> Is such an activity [fault injection] part of a safety case?
>
> Or is it “just good product / systems engineering”?
I would think that a well-designed fault-injection activity and suitable satisfactory outcome could
and likely would be part of the reasons why you would think your system appropriately safe.
There is always a problem, though, with trying to demonstrate a lack: "no problems found". For then,
you have to argue on the meta-level that and how your fault-injection activity was in some sense
complete.
Had Toyota performed such a well-designed fault-injection activity and discovered the phenomena which
the plaintiffs' experts discovered in Bookout vs. Toyota, then they would likely have mitigated
those phenomena - how could one not? It might have indicated to them that those issues would be hard
to solve using the monolithic SW architecture they had chosen.
Until it becomes part of "good systems engineering" it is likely to remain part of "good expert
witness engineering".
PBL
Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
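The meta-level point in the post above (a "no problems found" result is only as strong as the fault space you can show you enumerated) is illustrated here by an added example that is not part of the original message, not Toyota's code, and not anything from the Bookout evidence. It is a constructed toy: a pedal-position sensor assumed to be a 12-bit ADC read into a 16-bit register on two redundant channels, a naive throttle controller beside a guarded one with range and cross-channel plausibility checks, and a fault-injection campaign whose fault model (every single-bit flip of one channel, plus stuck-at-0 and stuck-at-1) is enumerated explicitly so the resulting claim can be stated relative to it. All tolerances, register widths and function names are assumptions made for the example.

```python
"""Toy fault-injection campaign: the result is only meaningful together with
the enumerated fault model it was run against. Constructed example, not code
from any real vehicle or from the original post."""

REG_BITS = 16          # assumed: sensor value held in a 16-bit register
ADC_MAX = 4095         # assumed: 12-bit ADC, so bits 12..15 must read zero
CROSSCHECK_TOL = 64    # assumed: max ADC-count disagreement between channels
TOL_PCT = 5            # assumed: throttle deviation (percentage points) judged harmful
PEDAL_POSITIONS = (0, 1024, 2048, 4095)   # constructed test inputs, pedal released .. floored


def naive_throttle(ch1, ch2):
    """Controller with no plausibility check: trusts channel 1 and clamps.
    Returns (throttle_pct, fault_detected); it never detects anything."""
    return min(ch1, ADC_MAX) * 100 // ADC_MAX, False


def guarded_throttle(ch1, ch2):
    """Controller that rejects out-of-range or disagreeing readings and fails
    safe to zero throttle, reporting that a fault was detected."""
    if ch1 > ADC_MAX or ch2 > ADC_MAX or abs(ch1 - ch2) > CROSSCHECK_TOL:
        return 0, True
    return ch1 * 100 // ADC_MAX, False


def single_bit_flips(value):
    """Fault model part 1: every single-bit flip of the register holding value."""
    return [(f"bit{b}", value ^ (1 << b)) for b in range(REG_BITS)]


def stuck_at_faults():
    """Fault model part 2: register stuck at all-zeros / all-ones."""
    return [("stuck-0", 0), ("stuck-1", (1 << REG_BITS) - 1)]


def fault_model_description():
    """The scope statement any 'no problems found' claim must be qualified by."""
    return ("single-bit flips of one sensor channel register and stuck-at-0/1 of that "
            "register, for pedal positions %s; NOT covered: multi-bit faults, faults on "
            "both channels, timing faults, corruption of any other state" % (PEDAL_POSITIONS,))


def run_campaign(controller, pedal_positions=PEDAL_POSITIONS):
    """Inject every fault in the model into channel 1 (channel 2 stays correct),
    classify each outcome, and return (counts, list of silent-unsafe cases)."""
    counts = {"enumerated": 0, "detected": 0, "benign": 0, "silent_unsafe": 0}
    unsafe_cases = []
    for pedal in pedal_positions:
        expected = pedal * 100 // ADC_MAX          # throttle with no fault present
        for name, faulty in single_bit_flips(pedal) + stuck_at_faults():
            counts["enumerated"] += 1
            throttle, detected = controller(faulty, pedal)
            if detected:
                counts["detected"] += 1            # fault caught, fail-safe output
            elif abs(throttle - expected) <= TOL_PCT:
                counts["benign"] += 1              # fault present but harmless
            else:
                counts["silent_unsafe"] += 1       # wrong output, nobody noticed
                unsafe_cases.append((pedal, name, throttle))
    return counts, unsafe_cases


def safety_claim(counts):
    """Phrase the outcome so the completeness argument is explicit, not implied."""
    if counts["silent_unsafe"]:
        return "%d silent unsafe outcomes within fault model: %s" % (
            counts["silent_unsafe"], fault_model_description())
    return "no silent unsafe outcomes among %d injected faults, WITHIN fault model: %s" % (
        counts["enumerated"], fault_model_description())


if __name__ == "__main__":
    for label, ctrl in (("naive", naive_throttle), ("guarded", guarded_throttle)):
        counts, cases = run_campaign(ctrl)
        print(label, counts)
        for pedal, fault, throttle in cases[:3]:
            print("  e.g. pedal=%d fault=%s -> throttle %d%%" % (pedal, fault, throttle))
        print("  claim:", safety_claim(counts))
```

Run as a script it shows the naive controller silently commanding high throttle from a released pedal under single-bit flips of the upper register bits, while the guarded controller either detects the fault or stays within tolerance. The part that matters for the safety-case discussion is `safety_claim`: the guarded result is not "no problems found" but "no silent unsafe outcomes within this enumerated fault model", and the model statement names what was left out. Whether that model is adequate for the real system is exactly the meta-level argument the post says still has to be made.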