[SystemSafety] A Fire Code for Software?

Sun Mar 18 17:15:06 CET 2018

On 18/03/2018 09:59, Peter Bernard Ladkin wrote:

> Another move could be holding SW and SW-based-kit supply companies more accountable for deficits in
> their products. But the question of assigning responsibility for such a deficit is already
> fiendishly complicated, because of the complexity of the supply chain. It might just result in
> expanded legal departments everywhere, along with ensuing price rise to pay for them.
>
> I don't think the question of getting everyone to use more reliable development methods for SW is an
> easy one. Neither do I think it will be the solution to the "SW problem". Requirements engineering
> poses challenges that are at least as big, and to my mind less susceptible to pro forma solution.
Consider the UK Health and Safety at Work Act 
<https://www.legislation.gov.uk/ukpga/1974/37>

Section 3 (1)  imposes a duty on employers to reduce the risks to the
general public "so far as is reasonably practicable" (SFAIRP).

/"It shall be the duty of every employer to conduct his undertaking in
such a way as to ensure, so far as is reasonably practicable, that
persons not in his employment who may be affected thereby are not
thereby exposed to risks to their health or safety."/

SFAIRP has ben legally defined to mean that an employer who chooses to
claim that they have met the SFAIRP duty must show that they have
assessed the costs of reducing the risks further, and that they have
assessed the benefit of reducing the risks further, and that the costs
are "grossly disproportionate" to the benefit obtained.

I doubt that many developers of safety-related systems would be able to
pass that test. Notice that the burden of proof rests on the party
seeking to rely on the claim that the risks *have* been reduced SFAIRP.

Section 6 <https://www.legislation.gov.uk/ukpga/1974/37/section/6> is
also relevant to this discussion  (I quote selectively below)

/"(1) It shall be the duty of any person who designs, manufactures,
imports or supplies any article for use at work or any article of
fairground equipment—//
//
//(a) to ensure, so far as is reasonably practicable, that the article
is so designed and constructed that it will be safe and without risks to
health at all times when it is being set, used, cleaned or maintained by
a person at work;//
//
//(b) to carry out or arrange for the carrying out of such testing and
examination as may be necessary for the performance of the duty imposed
on him by the preceding paragraph;..."/

/(2 )It shall be the duty of any person who undertakes the design or
manufacture of any article for use at work ...  to carry out or arrange
for the carrying out of any necessary research with a view to the
discovery and, so far as is reasonably practicable, the elimination or
minimisation of any risks to health or safety to which the design or
article may give rise.

/I have no knowledge that these legal duties have ever been used as the
basis for a prosecution or claim for damages following an accident
attributed in any way to the unsafe behaviour of a software based
system. If anyone knows of such a case, please send me a reference.

It is a criminal offence to breach HSWA 1974 and the sentencing
guidelines for convictions under HSWA 1974 were revised a couple of
years ago. In several cases last year the duty holder was fined more
than £1m and in a few cases the duty holder was sent to prison.

Martyn

/
/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20180318/75475fd2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20180318/75475fd2/attachment-0001.sig>