[SystemSafety] Paper on Software Reliability and the Urn Model

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Wed Feb 25 10:00:54 CET 2015

I have recently been involved in discussions concerning rewriting IEC 61508-7:2010 Annex D, a short
informative section attempting to explain the statistical evaluation of the reliability of SW for
which there is an operational history.

Lots of things come up. People don't understand what the urn model has to do with software
evaluation. I have recently experienced reliability experts making incorrect claims, and non-experts
finding it difficult to adjudicate those claims. I've been discussing these matters with Bev
Littlewood and Jens Braband.

I think there is a need for some clarity. I am (amongst other things) an experienced mathematician,
but I find most applied-statistics textbooks almost impenetrable, and it's clear that it's worse for
people who don't have even my background. The very best explanation I have ever found of the basics
of statistical inference was written by a philosopher, Ian Hacking.

Some professionals don't even like the urn model for explaining SW reliability (you know who you
are! :-) ). But I think it's pretty good for some purposes, even though in Annex D it just seems to
be stuck on like a Post-It note.

I think there are good reasons for explaining software reliability engineering in straightforward
terms to people who are not expert. So I wrote a note using the urn model and the interpretation of
(some kinds of) software into the urn model. I use it to refute two mistaken claims that I have
recently heard and read.

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de