[SystemSafety] A small taste of what we're up against

Michael J. Pont M.Pont at SafeTTy.net
Thu Oct 25 12:38:39 CEST 2018


Martyn,

Surely it is accepted that there are many factors here, and one key role of safety standards (in this case, ISO 26262) is to help organisations to address the various competing concerns, while still getting a product out of the door in reasonable time.

In my view, ISO 26262: 2011 does not suggest that C is an inappropriate programming language for use in the development of safety-critical automotive systems.   

People on this list may feel that the standard is wrong.  If so, then - in my view - they need to argue for a change in the standard.  Arguing for such a change is likely to be easier if there is evidence that the widespread use of C is making travel by road less safe.  

Michael. 

-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Martyn Thomas
Sent: 25 October 2018 11:01
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] A small taste of what we're up against

Michael

That's a fair challenge, but where would the data come from? Fatal accidents rarely lead to investigation of software defects as a possible contributory factor, so there are very few automotive fatalities that are publicly attributed to software defects; but I don't want to conclude that this shows that automotive software development is good enough. In the absence of causal data, it seems reasonable to continue to eliminate avoidable risks.

The usual challenge then is "but show that the benefits justify the costs".  However, the UK legislation (HSWA) is clear: there is a duty to reduce risks "so far as is reasonably practicable" and if an employer wants to claim that this has been done, then the burden of proof is on the employer, not on those of us who are arguing the contrary opinion.

The employer would need to show that the cost of further risk reduction would be "grossly disproportionate" to the benefits that would be obtained. And in the case of vehicles being supplied for work-related driving, the employer has the duty to carry out any necessary research.

(My understanding only - I'm not a qualified lawyer).

Martyn


On 25/10/2018 10:30, Michael J. Pont wrote:
> Can anyone give me a real-world example of an injury or death that can 
> be directly linked to the use of C or C++ in an automotive system?
>
> I don't believe that such an example exists.
