[SystemSafety] What do we know about software reliability?

Peter Bernard Ladkin ladkin at causalis.com
Sat Sep 26 08:14:27 CEST 2020


There is a thread here whose train is becoming a little hard to follow in reverse, so I shall
reassemble it in forward order.

On Sep 15, 2020, at 1:58 PM, Peter Bernard Ladkin <ladkin at causalis.com> wrote:
> Bev and I and Dewi have a colleague who poses the following question.
> 
> "We have clients who have installed hundreds of [examples of our kit] over the last ten years, and
> have never seen any failure. They want to use it in further systems that they build. What
> arguments do we/they need to provide in order validly to justify such further use?"
> 
> So, what is the answer to that question?

On 2020-09-15 20:02 , Robert P. Schaefer wrote:
> that the new use is similar to past use within bounds set by you, and the users are
> experienced and trained within bounds set by you

On 2020-09-15 22:58 , Peter Bernard Ladkin wrote:
>
> Great. Everything's up to me.
>
> Suppose something bad happens and people are hurt. What are the consequences? Do I
> go to jail, or is it nothing to do with me?

On 2020-09-25 20:52 , Robert P. Schaefer wrote:
> 
> you are protected because the purchaser used your tool in an unsafe manner, similar to gun
> manufacturers protected from misuse of guns, or auto manufacturers protected from bad drivers, and
> airline manufacturers from pilot error.

Guns are a special case, and the usage and regulation of guns differs so much from country to
country that I don't think it forms any kind of example for critical systems in general.

Road vehicles are regulated in most developed countries. You can't just go on the road with
anything. Britain has what used to be called MoT inspections at regular intervals; Germany the TÜV.
Furthermore, users are highly regulated in their behaviour.

The differences in regulation cause real problems. In the 1970's-1980's, California vehicles required
catalytic converters in their exhaust. They were illegal in Germany. A German colleague wanted to
buy a new car that his family could use for his four years in California and then ship back to (it
was anticipated) Germany and continue to use there. VW or some such. He researched and negotiated it
for a number of months and gave up.

Civil aerospace is obviously highly regulated. Airplanes must be certified by the government, for
commercial passenger aircraft usually on the basis of detailed assessment by one of two authorities
worldwide. Furthermore, users are highly regulated in their behaviour.

In an industry in which manufacturers and users are highly and uniformly regulated, the legal roles
of use and users are better defined. But then, it should be apparent that your first answer, namely

> that the new use is similar to past use within bounds set by you, and the users are 
> experienced and trained within bounds set by you

does not fit the situation, because in such a regulatory regime it is the regulator which sets
bounds, not you.

To remind you of the current situation in which this question arose: this case is nominally covered
by assessment/regulator, but in an inappropriate manner. In any country the assessor refers to the
standard, and the standard says the kit must be developed according to these-and-these procedures,
and there is no grandfather clause for older kit developed to a previous version of the standard (or
even pre-standard; the standard was only published in 1997). Hence the question: what are the
criteria by means of which our ultrareliable kit continues to be used in the circumstances in which
it is ultrareliable?

My question is not answered by your response.

You only get to invent your own criteria if your client can give them to the assessor and regulator
and that assessor is happy with them. The only generally-applicable kind of answer comes from the
mathematics of reliability engineering, as in for example Birolini.

On 2020-09-25 20:57 , Robert P. Schaefer wrote:
> and, on top of that, you are a corporation, there is no person to send to jail.

That may be a US-specific answer. In the UK, there is a crime of corporate manslaughter. Company
directors can go to jail.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany
Styelfy Bleibgsnd
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
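As an added worked example (not part of the message above or of the thread), here is what the "mathematics of reliability engineering" the message points to actually gives for failure-free field history. The exposure figure, 300 units over 10 years, is constructed for illustration; the thread only says "hundreds" over ten years. The model is the usual constant-failure-rate (exponential) one: with T unit-years of failure-free operation, the classical upper confidence bound on the failure rate is -ln(1-C)/T, and with a flat prior on the rate the predictive probability of surviving a further t unit-years is T/(T+t).

```python
import math


def upper_failure_rate(exposure_unit_years: float, confidence: float) -> float:
    """Classical one-sided upper bound on the failure rate (per unit-year)
    after zero failures in `exposure_unit_years` of operation.

    Derivation: under an exponential model P(no failure in T) = exp(-lambda*T);
    the largest lambda still consistent with that observation at confidence C
    solves exp(-lambda*T) = 1 - C, i.e. lambda = -ln(1-C)/T.
    """
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must lie strictly between 0 and 1")
    if exposure_unit_years <= 0.0:
        raise ValueError("exposure must be positive")
    return -math.log(1.0 - confidence) / exposure_unit_years


def demonstrated_mtbf(exposure_unit_years: float, confidence: float) -> float:
    """Lower bound on MTBF (unit-years) implied by the rate bound above."""
    return 1.0 / upper_failure_rate(exposure_unit_years, confidence)


def exposure_required(target_rate: float, confidence: float) -> float:
    """Failure-free exposure (unit-years) needed to demonstrate `target_rate`
    at the given confidence: the rate-bound formula solved for T."""
    if target_rate <= 0.0:
        raise ValueError("target rate must be positive")
    if not 0.0 < confidence < 1.0:
        raise ValueError("confidence must lie strictly between 0 and 1")
    return -math.log(1.0 - confidence) / target_rate


def survival_probability(exposure_unit_years: float, horizon_unit_years: float) -> float:
    """Predictive probability of a further `horizon_unit_years` without failure,
    given `exposure_unit_years` failure-free so far and a flat prior on the rate
    (posterior on lambda is Gamma(shape=1, rate=T), which integrates to T/(T+t))."""
    if exposure_unit_years <= 0.0 or horizon_unit_years < 0.0:
        raise ValueError("exposure must be positive and horizon non-negative")
    return exposure_unit_years / (exposure_unit_years + horizon_unit_years)


if __name__ == "__main__":
    # Constructed figures: 300 installed units, 10 years each, no failures seen.
    units, years = 300, 10
    exposure = units * years  # 3000 unit-years
    conf = 0.95

    print(f"exposure: {exposure} unit-years, zero failures")
    print(f"95% upper bound on failure rate: {upper_failure_rate(exposure, conf):.2e} /unit-year")
    print(f"demonstrated MTBF at 95%: {demonstrated_mtbf(exposure, conf):.0f} unit-years")
    print(f"P(next {exposure} unit-years failure-free): {survival_probability(exposure, exposure):.2f}")
    # How much history would a one-in-100,000 per unit-year claim need?
    print(f"exposure for 1e-5 /unit-year at 95%: {exposure_required(1e-5, conf):.0f} unit-years")
```

The point the numbers make is the one the thread is circling: 3000 failure-free unit-years only justifies a rate bound of roughly one failure per thousand unit-years at 95% confidence, and gives even odds on the next 3000 unit-years being failure-free. Demonstrating a rate two orders of magnitude better would need two orders of magnitude more exposure, which is why arguments from field history alone rarely reach the figures standards ask for.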
