[SystemSafety] A small taste of what we're up against

Olwen Morgan olwen at phaedsys.com
Fri Oct 26 14:54:18 CEST 2018


On 26/10/2018 12:55, C. Michael Holloway wrote:

<snip>

> The implicit argument goes something like this: The commercial 
> aviation community uses C quite a lot; the safety record in commercial 
> aviation is fabulous; thus, using C is clearly acceptable. Over the 
> years, I've heard people from the automotive and medical sectors 
> (along with many researchers) justify their practices with words that 
> reduce to this specious argument.

<snip>

I've seen such reasoning many times. It's the result, IMO, of a 
combination of box-ticking and CYA mentalities. People think that if 
they are seen to do what others do, then that's ipso facto accepted good 
practice. The question of whether what they are doing is technically fit 
for purpose is hardly ever asked; in many cases if it were, there still 
would not be the technical expertise to produce sound answers.

As it happens, I am a UKAS assessor for compiler testing (did the 
course, got on the register, and then the expected commercial market did 
not appear, so I've never actually audited a compiler testing process 
under UKAS auspices, though I have performed and supervised several lots 
of compiler validation tests over the years). In assessing the 
competence of testing and calibration laboratories, a UKAS assessor is 
expected to consider whether the methods used are fit for purpose. As 
far as I can see, process audits to 61508, 26262, etc, often pay only 
lip service to fitness for purpose.

Overall I have a very low opinion of what I've seen of software process 
assessment. I may be unintentionally maligning some auditors here but 
I'll be happy to stand corrected.


Olwen