[SystemSafety] "Security Risk" and Probability

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Thu Oct 26 09:15:05 CEST 2017


Following on from my blog post yesterday about people's attempts to equate SILs, a safety
requirement, with SLs, a security requirement, the question remains why one might want to try to do
so. An evident motivation might be that both entail requirements on code quality. A higher SIL and a
higher SL both require higher-quality code.

I give a simple example in
https://abnormaldistribution.org/index.php/2017/10/26/code-quality-for-safety-and-code-quality-for-security/
of a design which has perfect code quality for safety properties and poor code quality for security
properties. Code quality cannot be measured on one ordinal scale. It is multi-dimensional.

That vitiates any argument through code quality for wanting to equate SILs with SLs.

That code quality is parametrised by properties is obvious when you think about it. You write down
the list of properties P you want the code to fulfil and maybe it fulfils them. That doesn't
necessarily say anything about whether the code fulfils a completely different list of properties
P'. But people do seem to forget it frequently.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de




