[SystemSafety] Looking for information about safety-critical software faults in road vehicles

SPRIGGS, John J John.SPRIGGS at nats.co.uk
Tue Aug 21 09:49:37 CEST 2018

... and as a more-general comment to Mario's more-general comment:  The problem with going through reports of accidents and incidents is that the reporter is probably not even aware that there is software in the system, and so it is not mentioned.  If the reports include some follow-up investigation, it is often discussing functions and malfunctions without mention of implementation detail.


-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Mario Gleirscher
Sent: 20 August 2018 20:01
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] Looking for information about safety-critical software faults in road vehicles

Hi all,

The following could be seen as a more general comment on that request:

About two years ago, I mentored a master's student whose task was to go through case reports (reports on accidents, incidents, and the like, you know) to find out about software-related issues. The student went through, say, about 300 such reports from various databases; one of the larger automotive case-report databases was very nice to search in but of little use for getting informed about root causes.

One of our conclusions was that the quality of root-cause documentation in case reports varies drastically across domains. The situation is quite OK for, e.g., train systems, but comparably immature in the automotive domain. We were at first surprised and had a few discussions, but of course realized that there might be quite a few reasons for not disclosing such information in case reports beyond a low level of detail.

However, anecdotal evidence (from cases we all know about and from further interviews we were able to conduct) suggested that SW might more often be part*) of the root cause than we observed from the reports.
However, we were not able to get this confirmed, even in part, from the case reports. Frankly, that was a bit frustrating!

*) And I would like to make that clear: I am not only talking about the more directly tangible issues in older/more mature domains like motor control or the braking loop (a few years ago), but particularly about interaction phenomena in distributed networked systems that are known to be almost impossible to handle without proper methodology and regularly generate tremendous amounts of analysis effort (not to mention the resulting costs, which annoy car manufacturers weekly).

I am curious to hear more about the cases people on this list know of.

Best wishes,

On 20/08/18 18:20, Andrew Banks wrote:
> I'm not sure how many publicly available responses this will generate...
> I am aware (as a developer at, and/or a consultant to, several companies) of a number of issues that were caught late but fixed without fanfare - but I'm not at liberty to discuss them in depth.
> Particular areas that have come up repeatedly are to do with battery management (eg triggering thermal runaway) and motor control, both in electric/hybrid vehicles.
> A
> -----Original Message-----
> From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Martyn Thomas
> Sent: 11 August 2018 10:11
> To: systemsafety at lists.techfak.uni-bielefeld.de
> Subject: [SystemSafety] Looking for information about safety-critical software faults in road vehicles
> Other than the "uncommanded acceleration" reports and the remote control of vehicles by researchers, can anyone give me details of safety-critical software faults discovered in road vehicle software?
> I well understand that manufacturers may have corrected such faults (or not) without a recall or publicity and that details may be very sensitive. I will give strong assurances of confidentiality - I'm just trying to understand the scale of known issues.
> Martyn
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
