[SystemSafety] Does "reliable" mean "safe" and or "secure" or neither?

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Sat Apr 23 18:58:47 CEST 2016


On 2016-04-23 13:34 , Nick Tudor wrote:
> As previously established...software does not have a reliability.

I think there is pretty much a consensus that the term "software reliability" does have a specified
meaning in software engineering. There is even a Handbook of Software Reliability Engineering
published by IEEE Computer Society Press (edited by Michael Lyu, 1995).

If anyone wants to claim the term has no meaning, then they are contradicting the IEC, and the IEEE,
both in its standards and in its handbook-publishing, which I show below, and apparently ANSI
(indirect reference from Koopman's 1999 course notes) as well as the standard texts
Laprie-Avizienis-Randell-Landwehr 2004 and its predecessor Laprie 1992, Leveson 1995, Bedford and
Cooke 2001, Rausand 2014, Birolini 2014, Sommerville 2004. Phil Koopman gave a course on "Software
Reliability" in 1999 whose notes are on-line (he uses the IEEE definition). Littlewood has been
publishing in the area of software reliability for going on half a century (I'm not sure he'll thank
me for saying that :-) ) as well as having been the long-time editor for IEEE TSE for articles on
software reliability. There is, at City University London, a Centre for Software Reliability with a
very distinguished research staff, many of whom are here. There is also another one at Newcastle
University, which started and runs one of Europe's most successful industry-academic safety interest
groups (until Tom and Joan finally retire in a few months).

That's a long list of notable people/textbooks/handbooks as well as two major electrotechnical
standards organisations, who think the term has meaning, as well as two universities who use it in
the names of research organisations of theirs. And that's just what I can put together quickly from
what I have to hand. Not only that, these sources basically agree on what the meaning is, as we
shall see below.

Then there is Nick Tudor, who claims the term has no meaning, and that it has been so "established"
here that it has no meaning. What astonishes me is that Nick thinks he has any support at all for
that view.

Here are the definitions.

Electropedia, the on-line version of IEC 60050, which defines all technical terms in IEC standards,
says, in definition 191-01-24, that
[begin cite IEC 60050]
191-01-24 reliability, <of an item>
[is the]
ability to perform as required, without failure, for a given time interval, under given conditions
[end cite IEC 60050]

where an "item" is

[begin cite IEC 60050]
191-01-01 item
[is the]
subject being considered

Note 1 to entry: The item may be an individual part, component, device, functional unit, equipment,
subsystem, or system.

Note 2 to entry: The item may consist of hardware, software, people or any combination thereof.

[end cite IEC 60050]

A similar definition was available in the same document in 1985, referenced by the IFIP WG 10.4
dependability vocabulary (Laprie 1992). The 2004 Avizienis-Laprie-Randell-Landwehr vocabulary (an
update of Laprie 1992) says (as did Laprie 1992) that reliability is continuity of correct service.
Since the original referred to the IEC definition, I think it's fair to presume that the authors
meant their shorter version to say something similar, but using different words. They obviously
think the concept of reliability is applicable to software, as evidenced in this quote (from the
2004 document) "Reliability growth models, either for hardware, for software, or for both, are used
to perform reliability predictions from data about past system failures".

Leveson talks about software reliability explicitly on pp28-30 of Safeware.

Phil Koopman has a whole series of lecture notes for a course given in 1999 entitled "Software
Reliability" at https://users.ece.cmu.edu/~koopman/des_s99/sw_reliability/ . The notes say that ANSI
and the IEEE Handbook use the definition "According to ANSI, Software Reliability is defined as: the
probability of failure-free software operation for a specified period of time in a specified
environment. [ANSI91][Lyu95]" That is obviously conformant with the IEC definition, specifying the
item as a piece of software.

Meine van de Meulen's collection of definitions (Definitions for Hardware and Software Safety
Engineers, Springer 2000) has an entry for "Software Reliability" (of course), and quotes IEEE
982.1, 1988 and IEEE 729, 1983: "the probability that software will not cause the failure of a
system for a specified time under specified conditions........" IEEE 729 is the Standard Glossary of
Software Engineering Terminology. IEEE 982.1 is the Standard Dictionary of Measures to Produce
Reliable Software. Van de Meulen also cites the definition from the well-known book Musa et al.,
Software Reliability; measurement, prediction, application (McGraw-Hill 1987).

Bedford and Cooke's standard text on Probabilistic Risk Analysis: Foundations and Methods (Cambridge
U.P., 2001) has a whole chapter, Chapter 12, entitled "Software Reliability".

Marvin Rausand's book on Reliability of Safety-Critical Systems (Wiley, 2014) defines reliability as
"the ability of an item to perform a required function, under given environmental and operational
conditions, and for a stated period of time" and further clarifies "...item may be an element, a
channel, a subsystem or the complete SIS, and it may include both hardware and software."

Alessandro Birolini's text on Reliability Engineering: Theory and Practice (Springer 2014) has an
entry in the index for "software reliability" which directs to "software quality", which refers to
Section 5.3 Design Guidelines for Software Quality. Software quality is "the degree to which a
software package possesses a stated combination of quality attributes" (p160) and a list of such
quality attributes is given in Table 5.4 Important Software Quality Attributes and Characteristics,
amongst which is "Defect Freedom (Reliability)" defined as "Degree to which a software package can
execute its required functions without causing system failures".

Ian Sommerville's standard text Software Engineering (7th edition, Pearson 2004) has a definition in
his accompanying slides (I don't have the text to hand):
"Software reliability
How likely is it that a software component will produce an incorrect output. Software failure is
usually distinct from hardware failure in that software does not wear out."

I'm now bored. Time for a glass of wine and some Chaucer (Bernard O'Donoghue's got a great new
"guided selection" out).

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de
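The definitions quoted in the message above all make reliability a probability of failure-free
operation over a stated time in a stated environment. The following is an added example, not part of
the post and not code from any of the cited sources, showing how that quantity is actually computed
from operational data under the simplest model: a constant failure rate (exponential times to
failure), which is the assumption behind most of the textbook formulas. The failure records are
constructed for illustration. It also carries the definition through to the case that matters for
safety and security argument: when operation has been failure-free, the data only give an upper
confidence bound on the rate, and hence a lower bound on reliability, which turns out to be weak
unless the failure-free exposure far exceeds the mission time being claimed for.

```python
"""Software reliability as a probability: estimation from exposure data.

Assumed model (an assumption of this example, not of the post): times to
failure are exponentially distributed with constant rate lam, so the
reliability over a mission of t hours is R(t) = exp(-lam * t).
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class ExposureRecord:
    """One block of operational exposure: hours run and failures seen."""
    hours: float
    failures: int


def estimate_failure_rate(records):
    """Maximum-likelihood estimate of the constant failure rate:
    total failures divided by total exposure hours."""
    total_hours = sum(r.hours for r in records)
    total_failures = sum(r.failures for r in records)
    if total_hours <= 0:
        raise ValueError("need positive exposure time")
    return total_failures / total_hours


def reliability(rate, mission_hours):
    """R(t) = P(no failure in the next t hours) under a constant rate."""
    if rate < 0 or mission_hours < 0:
        raise ValueError("rate and mission time must be non-negative")
    return math.exp(-rate * mission_hours)


def failure_rate_upper_bound(failure_free_hours, confidence=0.95):
    """One-sided upper confidence bound on the rate after T failure-free
    hours. P(0 failures in T | lam) = exp(-lam*T); the largest lam that is
    still consistent with the observation at the given confidence is the
    one that makes this probability equal 1 - confidence."""
    if failure_free_hours <= 0:
        raise ValueError("need positive failure-free exposure")
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must lie strictly between 0 and 1")
    return -math.log(1.0 - confidence) / failure_free_hours


def reliability_lower_bound(failure_free_hours, mission_hours, confidence=0.95):
    """Lower bound on R(mission) that T failure-free hours justify at the
    given confidence: plug the upper-bound rate into R(t)."""
    lam_upper = failure_rate_upper_bound(failure_free_hours, confidence)
    return reliability(lam_upper, mission_hours)


# Constructed sample data: three blocks of operation, 5000 hours in total
# with four failures observed.
SAMPLE_RECORDS = [
    ExposureRecord(hours=1200.0, failures=1),
    ExposureRecord(hours=1800.0, failures=2),
    ExposureRecord(hours=2000.0, failures=1),
]


if __name__ == "__main__":
    lam = estimate_failure_rate(SAMPLE_RECORDS)
    print(f"estimated failure rate: {lam:.6f} per hour")
    print(f"R(100 h) = {reliability(lam, 100.0):.4f}")
    # Failure-free case: 1000 hours without failure, claim for 1000 more.
    print(f"95% upper bound on rate after 1000 failure-free h: "
          f"{failure_rate_upper_bound(1000.0):.6f} per hour")
    print(f"95% lower bound on R(1000 h): "
          f"{reliability_lower_bound(1000.0, 1000.0):.4f}")
    print(f"95% lower bound on R(10 h): "
          f"{reliability_lower_bound(1000.0, 10.0):.4f}")
```

The last two lines of the script make the practical point: 1000 failure-free hours support a claim
of about 0.97 reliability over the next 10 hours at 95% confidence, but only about 0.05 over the
next 1000 hours, because the bound on the rate scales as roughly 3/T. The "specified period of time"
in the definitions is not decorative; the same evidence yields very different reliability figures
depending on it.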
