[SystemSafety] A couple of anecdotes on requirements engineering

Olwen Morgan olwen at phaedsys.com
Wed Oct 17 11:46:52 CEST 2018


Would you believe that I've done *all* of the things you suggest at 
various times and *still been ignored*? I once copied an email warning
about inadequate practices to one company's entire board of directors. 
They believed my incompetent manager instead of me. Groupthink rules 
among the asinine.

O


On 17/10/2018 10:19, Martyn Thomas wrote:
> Olwen
>
> You might have more success if you pointed out
>
> a) that any competent adversary wanting to compromise the system will
> certainly try fuzzing, and
>
> b) that any safety-related control system that hasn't been assured
> against such attacks is potentially illegal in the UK under HSWA 1974
> (2) and (3) [because risks haven't been reduced SFAIRP] and may (if
> disruption could affect enough people) also violate the NIS directive
> (leading to a fine of up to 4% of global turnover even if no disruption
> ever occurs).
>
> c) that a fatality could lead to a prosecution for corporate
> manslaughter and that now the directors know of the problem, they could
> go to jail if such a prosecution is brought successfully.
>
> If you really want to stir things up, copy your message to the auditors
> for consideration in their "continuing business" test, as that puts them
> on the hook too.
>
> Martyn
>
>
> On 14/10/2018 18:44, Olwen Morgan wrote:
>> Whenever I work on a safety-related control system, I always point out
>> that the requirements should take account of the total system
>> including both the control unit and the environment whence it receives
>> stimuli. That way you can at least get some idea of a system's
>> response to out-of-specification adventitious conditions. I've not yet
>> succeeded in convincing anyone of the sense of this approach on a
>> small-scale embedded development.
>
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE