[SystemSafety] a public beta phase ???

Martyn Thomas martyn at thomas-associates.co.uk
Sun Jul 17 19:45:36 CEST 2016


Peter

One of us is missing the point. I'll assume it's you :-)

I was responding to your comment about learning from accidents by
improving (i.e. changing) the technology. (Let's assume we mean "software").

In general, it's unlikely that the lesson learned from an accident will
be that we need to add a simple function such as a speed limiter but,
even if it does, a claim that the change had improved safety would need
to show that the introduction of the new function had not had a larger
negative effect on the safe behaviour of the existing software.

It's that step that I don't know how to do, in general.

Martyn



On 17/07/2016 17:38, Peter Bernard Ladkin wrote:
>
> On 2016-07-17 15:45 , Martyn Thomas wrote:
>> On 17/07/2016 13:51, Peter Bernard Ladkin wrote:
>>> And we presume, or legislate, that the technology will be incrementally
>>> adapted to the "lessons learned" from these analyses. That will happen, because the alternative is
>>> that accidents are not investigated and lessons are not learned, and that is unacceptable.
>> Isn't there at least one step missing here? 
> Yes. As I said,
>
> On 2016-07-17 14:51 , Peter Bernard Ladkin wrote:
>> Is that alone a way to proceed? Not by itself, for it specifies nothing about the specific duties
>> of care of the manufacturer in introducing the AP to the market in the first place.
> One possible formulation of a duty of care is
>
> On 2016-07-17 15:45 , Martyn Thomas wrote:
>> ..... Isn't it necessary to have adequate confidence (for some
>> agreed meaning of 'adequate') that the new technology, with the "lessons learned" will have fewer
>> accidents than the technology it replaces?
> That would be an MGS/GAMAB criterion. I could see others, for example a demonstration that certain
> classes of serious accidents would have significantly reduced occurrence, even though nothing would
> be claimed about reducing the number of accidents overall.
>
> For example, a reliable automatic speed limiter would reduce accidents involving overspeed, even
> though nothing might be said about reducing the number of accidents overall.
>
>> If that /is/ necessary, how could it be achieved?
> If I can step back from an unspecified level of automation and just talk about a reliable automatic
> speed limiter, I would imagine a few of us could see how to approach that.
>
> And once we've done the speed limiter, we could try doing other specific functions, one by one.
>
> PBL
>
> Prof. Peter Bernard Ladkin, Bielefeld, Germany
> MoreInCommon
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE

