[SystemSafety] NYTimes: The Next Accident Awaits
Tom Ferrell
tom at faaconsulting.com
Mon Feb 3 17:31:45 CET 2014
As is often human nature, there is a lot in this discussion that is
couched in terms of 'either-or' rather than 'both-and.' For many of the
reasons cited by Nancy, it would be very difficult to completely replace
any of the extant certification frameworks wholesale with safety or
assurance cases. For safety cases to be helpful, they need to be
combined with many of the aspects of our current certification
framework, not used as a complete replacement. I think the idea of an
overarching 'case' to help organize and present for review and approval
of certification data would be helpful, especially if it can be used to
focus limited resources on the correct questions to be asking of any new
or modified design/implementation. The current prescriptive guidance
used in aviation-related software is only getting ever more detailed and
prescriptive. It is causing significant focus to be directed at
detailed data generation that increasingly misses system to software
requirements allocation issues and emergent system complexity issues.
In other words, we have moved from protecting the forest by assuring the
trees to trying to protect the forest by assuring the leaves of the
trees. It is an unsustainable path. Anything that causes a refocusing
on the system, its interaction with other systems, and the contribution
of the software to the robustness of those interactions would be very
helpful at this point.
Tom Ferrell
Consulting FAA DER