[SystemSafety] Two White Papers
Les Chambers
les at chambers.com.au
Fri Feb 15 01:54:24 CET 2013
Bernard
I enjoyed your White Paper on 61508. You are absolutely right: safety integrity
level numbers are useless in the context of software.
Once again I feel the need to state the obvious on the matter of building safe
systems - something everyone who has ever built a safety critical system
knows in their heart.
1. Safe systems are built by safe people.
2. Safety cannot be inspected, tested, audited or regulated into a complex
software-intensive system; it must be built in -- day by day -- every day.
3. Complex systems development is a craft. It requires highly experienced
artisans to ensure that the delivered system does not kill anyone.
4. Claiming you have used the processes and practices called out in 61508 has
no bearing on whether or not you used them well. Auditors are chronically
incompetent at identifying poor or zero process/standards compliance. I'd like
a dollar for every time I've seen a much vaunted and highly respected auditor
skate over and completely miss the dirty linen in a safety-critical build. You will
never see the dirt unless you're in it. This is why it blows my mind that
regulators are being indicted for not seeing the problems in the 787's batteries.
How could they possibly do that without working on the project, day to day?
If international standards bodies are to have any impact on safety they should
invest their time in supporting the training, experience and qualification of the
people who do the work.
At a practical level this means:
1. Detailed standards for safe code
2. Detailed standards for designing safe architectures
3. Minimum requirements for safety related requirements specifications
4. Qualification criteria for the people doing the work
5. Qualification criteria for subject matter experts describing the requirements
As stated above, audits are useless at discovering the devil in the details, but
some other reactive measures are showing promise. Companies such as
Adobe and Oracle are spending significant dollars on identifying security
vulnerabilities in their code. The going rate for identifying a security vulnerability
in Adobe Acrobat Reader is $100,000 in Eastern Europe. That is a very strong
driving force for a technical cohort that is willing to work for eight dollars an
hour. A strong defence has quickly gathered in the West and some of the
principles under which they operate, I believe, are applicable to safety.
Automated proof of correctness does not scale to large code bodies, however
gross measures of goodness are proving useful. Using these ideas, Oracle's
team in Brisbane has discovered enough defects to keep their maintenance
people working into the next millennium.
So how about a standard covering gross measures of goodness in safety
critical requirements, architectures and code? Something that can be validated
with a software tool. You could start with a simple tool that finds words such
as "appropriate" in requirements. That would be a huge leap forward.
Good luck and over to you.
Les
> I have just put two short White Papers up on the RVS publications page
>
> White Paper 1, Standards for Standards: Improving the Process proposes
> three principles that would improve both the technical quality of standards
> and their effectiveness at disseminating best practice.
> http://www.rvs.uni-bielefeld.de/publications/WhitePapers/RVSsfssPrinciples.pdf
>
> White Paper 2, 61508 Weaknesses and Anomalies sets out some (all?)
> weaknesses of the E/E/PE functional safety standard IEC 61508, along with
> some immediate prospects for potential improvement of which we know.
> http://www.rvs.uni-bielefeld.de/publications/WhitePapers/RVS61508Problems.pdf
>
> We are very grateful for comments!
>
> PBL
>
> --
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld,
> 33594 Bielefeld, Germany
> Tel+msg +49 (0)521 880 7319 www.rvs.uni-bielefeld.de
>
> _______________________________________________
> The System Safety Mailing List
> systemsafety at TechFak.Uni-Bielefeld.DE
--
Les Chambers
les at chambers.com.au
+61 (0)412 648 992
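As an added illustration of the "simple tool" idea at the end of Les's message (this is example code, not code from the original post or from anyone on the list): a small linter that scans one-requirement-per-line text, flags vague words such as "appropriate", escape clauses, open-ended lists, non-binding wording and compound "shall" sentences, and reports the fraction of clean requirements as a gross measure of goodness. The word lists, rule names, requirement ID format and sample requirements are assumptions constructed for the example, not taken from any standard or real specification.

```python
"""
Weak-word linter for requirements statements.

Added example, not code from the original post or the mailing list.
The pattern lists, rule names and sample requirements below are
assumptions constructed for illustration.
"""
import re
from dataclasses import dataclass

# Stems of words that leave the acceptance criterion to the reader's judgement
# (assumed list, in the spirit of common requirements-writing guidance).
VAGUE_PATTERNS = [
    r"appropriate\w*", r"adequate\w*", r"sufficient\w*", r"reasonabl\w*",
    r"quick\w*", r"fast\b", r"timely", r"minimal", r"user[- ]friendly",
    r"and/or", r"as required", r"if necessary", r"as applicable",
    r"normally", r"usually", r"typically", r"approximately", r"\betc\b",
]
# Phrases that let the implementer opt out of the requirement.
ESCAPE_PATTERNS = [
    r"where possible", r"when possible", r"if practica\w+", r"where practica\w+",
    r"as appropriate", r"to the extent", r"where feasible",
]
# Phrases that leave the list of obligations open and so unverifiable.
OPEN_ENDED_PATTERNS = [r"including but not limited to", r"and so on", r"such as"]

VAGUE_RE = re.compile(r"\b(?:" + "|".join(VAGUE_PATTERNS) + r")", re.IGNORECASE)
ESCAPE_RE = re.compile(r"\b(?:" + "|".join(ESCAPE_PATTERNS) + r")", re.IGNORECASE)
OPEN_ENDED_RE = re.compile(r"\b(?:" + "|".join(OPEN_ENDED_PATTERNS) + r")", re.IGNORECASE)

# Hypothetical "ID text" line format, e.g. "REQ-001 The controller shall ...".
REQ_LINE = re.compile(r"^\s*(?P<id>[A-Z]+-\d+)\s+(?P<text>.+?)\s*$")


@dataclass(frozen=True)
class Finding:
    rule: str      # which check fired
    evidence: str  # the text that triggered it


def lint(statement: str) -> list[Finding]:
    """Return the findings for one requirement statement (empty list = clean)."""
    findings = []
    for m in VAGUE_RE.finditer(statement):
        findings.append(Finding("vague_term", m.group(0)))
    for m in ESCAPE_RE.finditer(statement):
        findings.append(Finding("escape_clause", m.group(0)))
    for m in OPEN_ENDED_RE.finditer(statement):
        findings.append(Finding("open_ended", m.group(0)))
    # A binding requirement says "shall"; should/may/will are not commitments.
    shalls = re.findall(r"\bshall\b", statement, re.IGNORECASE)
    if not shalls:
        findings.append(Finding("not_binding", "no 'shall'"))
    elif len(shalls) > 1:
        # Several "shall"s in one sentence cannot be verified or traced one by one.
        findings.append(Finding("compound", f"{len(shalls)} x 'shall'"))
    return findings


def lint_document(lines) -> dict[str, list[Finding]]:
    """Map requirement ID -> findings for every 'ID text' line; other lines are skipped."""
    report = {}
    for line in lines:
        m = REQ_LINE.match(line)
        if m:
            report[m["id"]] = lint(m["text"])
    return report


def goodness(report: dict) -> float:
    """Gross measure of goodness: fraction of requirements with no findings."""
    if not report:
        return 0.0
    clean = sum(1 for findings in report.values() if not findings)
    return clean / len(report)


# Constructed sample requirements (not from any real specification).
SAMPLE = """\
REQ-001 The controller shall close the fuel valve within 50 ms of detecting overpressure.
REQ-002 The system shall respond appropriately to sensor faults.
REQ-003 The display should update quickly when possible.
REQ-004 The logger shall record all events, alarms, etc.
REQ-005 The pump shall start and the alarm shall sound when level exceeds 90%.
""".splitlines()

if __name__ == "__main__":
    report = lint_document(SAMPLE)
    for rid, findings in report.items():
        status = "OK " if not findings else "BAD"
        detail = "; ".join(f"{f.rule}({f.evidence})" for f in findings)
        print(f"{status} {rid}: {detail}")
    print(f"goodness = {goodness(report):.2f}")
```

Run as a script it prints one line per requirement and the score for the constructed sample (one of five requirements is clean, so 0.20). The check is deliberately crude: a regex cannot tell "appropriate" used inside a definition from "appropriate" standing in for a missing acceptance criterion, so every hit still needs a human reader. That is the nature of a gross measure; its value is that it runs over the whole document every day and points the reader at the paragraphs worth reading.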