[SystemSafety] The limits of safe code reuse

SPRIGGS, John J John.SPRIGGS at nats.co.uk
Fri Sep 13 11:50:49 CEST 2019


Yes - I prefer SOUP = Software Of Uncertain Parentage

From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> On Behalf Of Olwen Morgan
Sent: 13 September 2019 10:31
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] The limits of safe code reuse
Well, some people call it COTS. The term I prefer is the more apt "SOUP", meaning software of unknown provenance. AFAI recall the medical systems community tends to use this term instead of COTS.

Calling it SOUP highlights the risks a bit more than calling it COTS does.
Olwen


On 13/09/2019 10:23, SPRIGGS, John J wrote:
“Reuse” tends to be a term applied to items within an organisation; if you acquire the software from elsewhere it is usually called “COTS”, or similar, regardless of how many times it has been used elsewhere

John

From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> On Behalf Of Daniel Grivicic
Sent: 13 September 2019 08:52
To: systemsafety at lists.techfak.uni-bielefeld.de
Subject: [SystemSafety] The limits of safe code reuse

Hello Folks,

I am interested in understanding the limits of software reuse for critical systems. My application is rail, however, I am very open to understanding reuse in other disciplines.

Reuse of software is usually not good. Certainly recent discussions have suggested this. Where is the line for reuse drawn? For example, native elements are always reused - an IF statement is native and reused in new applications. I don't re-invent the wheel and develop these native elements. I reuse them.

If I build a large application (in any language) and try to modularise this, I may be inclined to reuse these modules/routines/objects in other subtly or vastly different applications in the future. Such reuse can be problematic. With solid development control, outcomes of the program in a new (different) application can be favourable (errors will be limited). Is there a maximum level of analysed code complexity where an alarm should be raised when this programmed module is reused?

Further, if I build a function using a full variability language and package this function within a limited variability package (taking the definitions of full and limited variability from, say, IEC 61508), can this new function, which is now considered a limited variability function, be safe (possibly a loaded word) to use? I can't see inside it to know (e.g. code protection is enabled).

If I extend this idea further, a large multinational can develop the functions and this large multinational pays an independent assessor to validate the function. I then buy these functions to reuse them in my new application. Code reuse occurs, but is it considered code reuse as I purchased the functions? I am not reusing them; I am 'just' using them.

Thank you for your time and I am really interested in understanding where these limits may be. Any references or further reading is appreciated.

Cheers,

Daniel.




_______________________________________________

The System Safety Mailing List

systemsafety at TechFak.Uni-Bielefeld.DE

Manage your subscription: https://lists.techfak.uni-bielefeld.de/mailman/listinfo/systemsafety